10341000x8000000000000000238120Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:09.940{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E725-615E-7F01-00000000FD01}6584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238119Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:09.940{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238118Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:09.940{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238117Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:09.940{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238116Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:09.940{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238115Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:09.940{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E725-615E-7F01-00000000FD01}6584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238114Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:09.940{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E725-615E-7F01-00000000FD01}6584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238113Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:09.941{6EDEAD03-E725-615E-7F01-00000000FD01}6584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238112Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:09.440{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EE4937DC2A82D2FE4516C70AD968BFC,SHA256=118F195C39CFFD0E14D81DAA57AB3AF7B14E19CC8F499BBDAF7BEEBDE448191A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213300Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:06.837{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49984-false10.0.1.12-8000- 23542300x8000000000000000213299Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:09.131{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED61C6D53FE5DFF9343142A4B86BF2BE,SHA256=734CC073CD3B31A12231A4EEDB5250D5CD31CE07EDEAD77B654B465867E17C3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238123Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:10.940{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D13ED02C940DE2E1B7B2CC5C59DE357C,SHA256=8DFB1D648C85C8FA1CE725D30291F859E40B936CB92F8721539FB219DFA9C8D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238122Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:10.440{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D19A4FB0EEDB6647ECCE984AF9F153A,SHA256=ED8123B9D77275422FCA69C0283A5A4063DEFF07B3269BC3FEC397EA31E33AAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213301Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:10.131{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=928F3969468DF0D4B309CEDF1EE44A25,SHA256=9F5C6C02177FDE6450B12584643DC6BB32B15427C04BCF620234F20C9B75CA83,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238121Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:10.193{6EDEAD03-E725-615E-7F01-00000000FD01}65845124C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238141Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.776{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E727-615E-8101-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238140Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.773{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238139Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.773{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238138Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.773{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238137Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.773{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238136Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.773{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E727-615E-8101-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238135Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.772{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E727-615E-8101-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238134Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.772{6EDEAD03-E727-615E-8101-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238133Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.477{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A537A7CF4B2C15565EEE88B341E5C0B,SHA256=47864E7390DCA6202900CECA9D3DF1491EC99B255D92121174F91082DA3F06CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213303Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:11.133{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19F3A9D2CDA9E9C838830DE9006CEEFB,SHA256=3393CE08FDC378F770674B0BE50FE9281C3457A5C68B313A4FF8488B478D5075,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238132Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.340{6EDEAD03-E727-615E-8001-00000000FD01}3445852C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238131Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.109{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E727-615E-8001-00000000FD01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238130Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.109{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238129Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.109{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238128Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.109{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238127Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.109{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238126Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.109{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E727-615E-8001-00000000FD01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238125Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.109{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E727-615E-8001-00000000FD01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238124Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.110{6EDEAD03-E727-615E-8001-00000000FD01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213302Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:11.089{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211007120136-022MD5=9D4F391515175B78F973C8B5B774DE70,SHA256=E6B13D39A78F2A37A848863A5E3913D5FD4B55347F92E521523460DA93139266,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238152Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.524{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E728-615E-8201-00000000FD01}5996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238151Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.524{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E728-615E-8201-00000000FD01}5996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238150Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.524{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E728-615E-8201-00000000FD01}5996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238149Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.524{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238148Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.524{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238147Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.524{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238146Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.524{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238145Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.526{6EDEAD03-E728-615E-8201-00000000FD01}5996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238144Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.493{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7BD1CFD8642CE8DFA6FE69EE3F9C02D,SHA256=A790F2A0DCF8C387ECF2D31C52B28E620FE250E79182222B3A616C1BD3ED87E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213305Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:12.149{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A580C918225B2C9A9DE200256995B08,SHA256=0BA04A69C89072DC21063BF756CFF6986A046919388046711261D47FBAC20EFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238143Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.124{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5DE211FE4198CB5B7C3E36E28D20CC10,SHA256=8B861E619A368A3A38EF0AC5529A409194B23749619FC27C215B9174C72D1E8C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238142Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.993{6EDEAD03-E727-615E-8101-00000000FD01}65567088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213304Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:12.103{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211007120134-023MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238161Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.980{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64807-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238160Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:13.677{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=5D3401EAE44C1004A8A899737D6DB512,SHA256=7CB0FDA7354FAA93A4A53A4791C1059918EFEEA4FF1A3A24A17C70B7A322752A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238159Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:13.672{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=371F5220BA72A2A7BF661D03D32BB9B8,SHA256=2A0A6FC5434590E49CC10C76EC6AF7426C172FFFF639DA97540994141D494FBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238158Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:13.655{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=45F19DBBE50B09BF3399083DD9550517,SHA256=2C2A1CCF320568641A5DAD95838B5529E270463081A1E52366F2F86BBD930619,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238157Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:13.655{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=7C011A86854973D35A3C2517CE72C8F7,SHA256=0A136CF50DDE34085B1E025C54C9E2517664837EBC9FEF5AB5C79441C10AD607,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238156Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:13.655{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=D814916E9EABDC88F9EE11E44D0F1D63,SHA256=302E5783D73CDECDD351F067A844DDC05E2BA97D94A7437BB07A7B052D714B2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238155Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:13.655{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=3BC70E0C20C811F54C897DF0B7E559F9,SHA256=320D12582A358A51D354577D8D6261C1A26B1B6B2653A0FF1D993F992F2794D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238154Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:13.524{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F863238F7234391FBC127046355ABF5C,SHA256=9784778DB18EB357DA75D9A3077BBE856F681F5570A7E9D5E5C83F7652F7CC62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238153Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:13.493{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BDDE3C23E136059CFDAE580E1E060DE,SHA256=B95274FBFC710A8AE25E71C84221BD8F81BE4D09B3ECFEBE556613A7B65CC73C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213306Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:13.150{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84DC83E3B79CB48442D0D47F6E9B3834,SHA256=27A4AF806FAA9954A79DF568DE3A3B5D56B72DB195F424BE91731546F0AC8AFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238162Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:14.495{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C950CE76A3B37D412CC8D532156D62DF,SHA256=E54363E3EC390182A5A310442301BE87CC5804A5D5B00006C5C13527FEC43F56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213307Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:14.150{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E52D0F25B96B368CA433EF361782E526,SHA256=CFAB0FEE9CFF61066EE078EC110989D2FDC88EC12775E7402389282FCD3DC8CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238163Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:15.510{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DEC964949469EFB71BBE36E20584E89F,SHA256=0BFB74F9203F58D0B9766C82E4C7523D8E6141055211D52E61ECA1F69B15CC16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213308Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:15.166{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E291D2262E91F0D21A9A58C9970DE5A,SHA256=251C71960145B02F4E496F5D828E1EA38337D7C2E47DC9139F4C6D45B38300E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238164Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:16.527{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04C36230D47103126D18F390A529BBB1,SHA256=5780C9CD1A8FC7A9CFADFC7220B10D7EBE7D1F60809369B9C3FE0A1F84E3BDC4,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213310Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:12.761{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49985-false10.0.1.12-8000- 23542300x8000000000000000213309Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:16.166{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D014651E883A1F545BE6D53AD7C826DD,SHA256=614BA36770FC804A7A99DC347324731C41205EBC78214A4D0471D29962AB080F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238165Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:17.528{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D2BCEC25029A0F7FB6051E57C3638A2,SHA256=CD23F30983E0FC3758D24D7C9DD4B2ABC5B767825B7A04F5830A2B4A5D31AC0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213311Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:17.167{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C81301549CEF2BD4B0A5FFA3CED1A88,SHA256=5E84DDD6AEC7A3ABFB28B25D30AEA09E96FDCC4EC1FD9F3F7F5A5E54E01026E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238166Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:18.542{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=244C4E24C300F68CA26E678DD41D57F5,SHA256=9530B8D640E4F92E2319CD59A96DEBB9E61BEF507A4D0F5E5EB272518A94CBEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213312Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:18.167{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D73859A07D61458738ED982576A1FAB,SHA256=788A9DDBE59EDC0B9FF9251C7D3645CF21116C9964729840D7C13C62120499A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238168Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:19.558{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE2CC3E7962AED408F6EE32CBE391B24,SHA256=EB67375F159D21353F17AF373250E9E8A8710B73EBA00D1F770F33D2C483A108,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213313Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:19.167{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC493C31C7B309494363C454520013E9,SHA256=5A78FDC62E1B4351EC1186E52CAEC297D2FEBA24CBDD4D3192D1D5E9D0C82D86,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238167Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:17.136{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64808-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238169Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:20.558{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15BD4CD19ACCE97A03E54DA4957301CC,SHA256=F385E2E3523C13F2706E16A7E7E46C4C879E2BC7E147BA23022E4E5E2BE1BB9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213314Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:20.167{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=99CF6901E22CBA09F00BA2ECBF566B8D,SHA256=1D18CBEE74AA0007B1A4C26B53B0A306723C402EE000C8CDB3B016F31ABB9EB4,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213316Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:18.714{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49986-false10.0.1.12-8000- 23542300x8000000000000000213315Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:21.167{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F547DAAE22030473F71B22C461ECFC37,SHA256=68C9B20074CDF674295F3FA32C93D5F1B6C0263BB16B86BE42E424EC9105DFB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238170Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:21.559{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F07CFED1AF02FD84CE12BAF94310A19,SHA256=9B23899DAF5A018760DCB5096149ACDE28B873F85F500B2ED82759764997E772,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238171Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:22.560{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27DF5D2F41640CE81956E3A40D5DD072,SHA256=790221F937176EE6F472D07C8763BDD5849CA61B059E176819B0EEA9E4CFB684,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213317Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:22.168{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C18BCB5BBEC3BC4AD5899FFC2583A03,SHA256=4151F50FE7F1FDF9B6BE91372FDBDCC69D0C8E75AA5B98370D3C44F3C6E4155D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238172Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:23.578{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A45ECF136CBF45CDE6B838FB742393D,SHA256=1013F3B743FA2F81DA04A455C5A98864677593C7C1517BB20EA51592FC23B4C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213318Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:23.168{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45EEC5C3BAD095F66FA0C1888000E0C2,SHA256=C40BC5DF9238E8A90BB7BE0042F38C49FDC45CA97E2E97DC399D72186A31E8AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238173Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:24.595{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=271DC5DE8BB2CCA6779A3CD89DFEBCD5,SHA256=031777358EF0A8AC4A809509E118611BF02EAEACF3FCC07A1D3767EA35A88945,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213319Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:24.168{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E6AD2AC14E756EC1F56B55EAF136629,SHA256=B861DF59128E857722D4A2A69B34FC7A533235A144C6D91E4B80CC332478AC69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238175Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:25.596{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF2B24392BF605A351155CCCD7950768,SHA256=9699A2837476DFA2E256172A3184B40828BE1F979104742A5C9CF500E1F939E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213320Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:25.168{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDD5F19DDCC4B155617FE113723E1C42,SHA256=0FF25ED04E69590867CF754021A564AF5CE397BB6BA48F2468B39DEF28CD6A44,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238174Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:23.037{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64809-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238176Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:26.611{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4DD32E3AB9AF2CDA4FFAE45D1025452B,SHA256=4ED24F29A5F425A89FB3BBB8F0B44B96E3117B1BE3C7C4C15D81B789EB46F41E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213321Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:26.168{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=798322F61A9F07A74932219FCDDA9186,SHA256=87141481F2645699A40DFE84FB39015452CFCFDD67B863AA9BE7EBA41694DF0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238177Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:27.616{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=689BBAB1172E1E10D64271F0422F34A0,SHA256=3727D60E82E10608D22C6ECA394662BE678DC6D9146C9BE55F60D432988A1934,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213323Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:24.699{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49987-false10.0.1.12-8000- 23542300x8000000000000000213322Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:27.169{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BCF2AF2A0F612B19A9D1C94F224B9A15,SHA256=D2D84D0EC5D5520F4BFA7723D21FEA38540A80E00430AE47A5B8272ABDDA9E48,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238181Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:28.683{6EDEAD03-E412-615E-EE00-00000000FD01}49645072C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+55a10|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF8018E0DB8A8)|UNKNOWN(FFFFFC203A2A5B48)|UNKNOWN(FFFFFC203A2A5CC7)|UNKNOWN(FFFFFC203A2A0351)|UNKNOWN(FFFFFC203A2A1D1A)|UNKNOWN(FFFFFC203A29FFD6)|UNKNOWN(FFFFF8018DDF3103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5927b|C:\Windows\System32\SHELL32.dll+dac2a|C:\Windows\System32\SHCORE.dll+33fad 10341000x8000000000000000238180Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:28.683{6EDEAD03-E412-615E-EE00-00000000FD01}49645072C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+554f1|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF8018E0DB8A8)|UNKNOWN(FFFFFC203A2A5B48)|UNKNOWN(FFFFFC203A2A5CC7)|UNKNOWN(FFFFFC203A2A0351)|UNKNOWN(FFFFFC203A2A1D1A)|UNKNOWN(FFFFFC203A29FFD6)|UNKNOWN(FFFFF8018DDF3103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5927b|C:\Windows\System32\SHELL32.dll+dac2a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238179Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:28.683{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF15f650.TMPMD5=C58952CF47A40E878145002B738FDDA8,SHA256=5246515B04772B58453EE8E8C5C9C6E9F2B2DADF381EDC92D5E1CAA1130C1630,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238178Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:28.630{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41C73B698492475B786F35F96DF709B3,SHA256=540E62D64C9CFD7B6F6B74898C38E1A8D88AD697303D09E42FEAD4F00CDBA166,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213324Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:28.169{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0078E165E25D8E74B6E85E65040A0958,SHA256=5E3656616C4FB2D9ADD02D428839E6F96784457C4BE6A7FC226EA6D253CF754E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238184Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:28.087{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64810-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238183Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:29.647{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=643E4A88F2B83CE3A4041DAD60A54055,SHA256=8D568C1768C2930DEBCC97C5A1CE73DD2B04944AF51A9BEAB1A82CD7B478E432,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213325Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:29.169{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B367782A3490A34DAB963EBFAFC566FC,SHA256=33E76BFD31B05CFBCE5CA5B91F4835D4C103D60F4913DB58334C3E726DA33F85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238182Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:29.381{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211007120155-022MD5=CF99E2CB113D8D2DCF43ED5FD96B633A,SHA256=1FA348E6AF774F9DE3BF8065B0725E0F0BD5741AF42D4AB3E9893B22D98D3DA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238186Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:30.647{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52A5155D98A98433FBC8272355BFCF6F,SHA256=B613E5C5FF4F56BB4FFDEBDD07A635C577C2D98AFDBBC65F126B3E1118ABC434,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213326Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:30.169{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E94268EB870C49733EF048D9F1434E96,SHA256=BB0E11BCA52850AD0237548F86A2258229A2EAE33B2CD675F7AE7D27A39A39C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238185Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:30.379{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211007120153-023MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238187Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:31.648{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36564D373447C637702FB7A3F19ED0D9,SHA256=578DAD59EEF63AE40DE1A35BDB8DDA1DE0BFA4219A260F56C7D48353E8F7E701,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213327Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:31.169{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A21B95F9CBD2824B619B52F8054231D5,SHA256=BFD4070911BEF34576D252B077F8ED538E4E5CB188BB2858490BAD772F74D777,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238188Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:32.668{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FC78284BD6A8E9855C6C23FBE541D2F,SHA256=EE50429FF036849BEF5108A592A5018C1E9930D91F289AEFE8305D732AD4A0C4,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213329Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:29.746{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49988-false10.0.1.12-8000- 23542300x8000000000000000213328Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:32.185{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D6DDEBE3941B50547098753C9A51D20,SHA256=CA10DA29465992189DF6D644CB4D9C807B629B2C16A548A67FF565AA8FE61E60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238189Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:33.705{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EDDE1488626439A4A7F8840EDA337953,SHA256=60973BF07071F0C97CADA44B3C51E7D15B08A3C8B97C370F872DF36729CB89DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213330Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:33.185{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17EDC82D36F4DF0761BD414CE42B4EB4,SHA256=0B915441415AFC429AD0E049D35389A1468E35E92203E0B10CAE21A0E9615FA2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238190Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:34.720{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=632AADED4BAF09388AA27BA3B15B07A9,SHA256=A36C70028D66C8571F03ADDA0745F6376085B24CF429BDEC3307329E13C4866C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213332Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:34.998{49C67628-E19D-615E-1200-00000000FE01}980NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=DE5E090438AC1941686187C4EC4C6070,SHA256=CB1F0465047129EE0ADDD9A30603B3453DDA7CBFB3EEF30DE2F50098A854EE60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213331Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:34.186{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F3B7739061AA0E72DDDF2443326C938,SHA256=EFABD0577AB4DBC1E99D051342D5969E8C9848AF74D14EFF3D174EBBE4D3D0F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238192Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:35.735{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30C3A146563D7ED1714E48DB6C7BAF5B,SHA256=031613C66BD55FDF419FB6F45D90D53785A92E147A98FBB11B96FC626DFBB2F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213333Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:35.201{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=272AE2E8D4B3530AD11BACCABED5DF10,SHA256=FB7E30B190AE08403DD0CB17F4349F66F908D78B37C6ED2E7FF589D801A5F594,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238191Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:33.096{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64811-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238193Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:36.736{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBED116BB56AB277AB4FF9D2C5562753,SHA256=0D3F22042FAB6374D4C2426B40BD9E82D2229809CEE0C7AB0D8DAEA2BB04002C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213334Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:36.201{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=95CCF9917991A7536CC23102AEBD8A07,SHA256=C650DA64543DF3FDCA7B9C7A5357721486D7DA4F347F30989DD1A50CCA9BA483,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238195Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:37.737{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8CA000DD2B94B6D2C5BF75C92175271,SHA256=4A52C3C56A354B161373D7BD8920ABB1879B26F6D66936C4784AEB0C7627D345,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213336Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:34.824{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49989-false10.0.1.12-8000- 23542300x8000000000000000213335Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:37.202{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=955117729AA9FC1611C11A7E07F4AE2E,SHA256=E275441873133080195943B5D5860F1358AA764306893FA17D6068FE7267DED4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238194Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:37.106{6EDEAD03-E1A0-615E-1000-00000000FD01}372NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=E9C5969816E6E9EFFBBFCE31576052B1,SHA256=FE46E5645305CC5928592A347D97FCDF36AFADB595EE2F344EB13380F35DE0CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238196Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:38.755{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBE1484B479794938F74F3C86FAA6644,SHA256=1EAFE74BEA6A151059CD3C2E850C3C906C18A2D8CDA5A69475076C3F3C527D24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213337Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:38.202{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1381B172F9BDA03D81B549002B430E0,SHA256=69FD4E77CF27ADCCB99B5558FC974BDBF93DCCBE03D44A9FC17FD4C7391C6F7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238197Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:39.770{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=67A7A109B73614BF619993381703B7E6,SHA256=BE6153D609DBF08A74E3F7FDE829A0386ABB34C589DA67911B55986F7B60B55E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213338Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:39.202{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=457C6E4105384837018AAC687A23731D,SHA256=45FFE9B2FA52AAD2679E667BDC457FCBCF75DB8E7A6AB067999D31665A6145D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238200Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:40.772{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0BEA3448ED87A743ED42B9D531490CF5,SHA256=2CF8389393009A1012159B5E8246E0039BC9A4CBDE68F5513991FE6BBEAEF552,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213339Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:40.218{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F5C31D32E79F80E7DB747E3879BAA5B,SHA256=A23B681F227EA8B56006FBF00794EBD0C2647A7B88AD9D93651AFF4477D83291,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238199Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:40.571{6EDEAD03-E1B0-615E-2800-00000000FD01}2904NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238198Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:38.979{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64812-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238201Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:41.774{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE34158B3111F6991EF8FA6B728F5BB9,SHA256=C44D8484A336252FBE4049021AC803EF7E34F8AA0F560537C2D7864A8FB638D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213340Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:41.234{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D2835E758875CB0FFEEAA3577A6D126,SHA256=B1BD06B4948FCF7518746E5B062790693364F3CDF88783E0A98A2C6C6F8C229A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238203Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:42.777{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E65989CEF9673A285A89037974F64AF1,SHA256=9E35883753D31DED413FBFA8257144B9F85A4AFD03ACBAEA5BB52241131BA889,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213341Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:42.249{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C09CC9A76FB403FC6FBEAC413740AEB,SHA256=B9758EAD2D13BEE4ED64499ACEDAB25D57DBFE593DE682EB8F99B3884CC15BB9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238202Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:40.465{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64813-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000238204Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:43.778{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A4854CF33686CE98E2F0E6DFC45E7DA,SHA256=61A6AC0715BD340EED452F1D92FA94532476A58C41377B124BDE6CA0EE52EC44,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213343Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:40.746{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49990-false10.0.1.12-8000- 23542300x8000000000000000213342Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:43.296{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=086D5490B7D885084D874068B4AB9AF2,SHA256=1639A2852E8A0FDC89F07B84301461918FC7BA359616948B056B01554E35E731,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238205Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:44.796{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E8CDDCAFADCB16322C9995E98BF496F,SHA256=4DA7005316029DBE4266DEEC5E292D5DFB7C8583FA8A28F1C0A67F946C52F272,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213344Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:44.312{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB73793560E54739E94CD8FBE560A4BB,SHA256=6D0EAAEBCB12F6D1127D85FE7B03A5E4481E535B20DEF1744DEC8B4B2AD7A869,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238207Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:45.815{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7B31C167FE0549182737B4BED2725FF,SHA256=D5121BB9034224A467CA89ABE2115A6051BC50A0A7D9FA8BEC4562DC3888B19E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213346Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:45.828{49C67628-E19D-615E-1D00-00000000FE01}1960NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213345Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:45.313{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=255031BE8BD40E785FF994E735A098E9,SHA256=AA27DBBFA1BDCF65B01CB41FFA7D4C09EA4C97C29CB0A2B1E755C14F796D2DA9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238206Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:44.006{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64814-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238208Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:46.816{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0287D657CB88B9F9EA117A05440C0C8E,SHA256=968C4F4A36CE249421AA5F134C4CC7192CB578EA23AF3EA5DA40E198123EE8CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213347Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:46.313{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D382634E1539FBD7AE620BB2ECBB82CC,SHA256=E89E1E5E1D206B5F86F93E732921F4101EFA6ACA21FD42345C8B7B4CE77E9896,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238209Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:47.819{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1AA19687A8B353CC5ADC814C4554FF1,SHA256=45A549D5399B54BDC1BDA39EA62624D770CA1CE88227FE5E0CF88A09977229D9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213362Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:44.402{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49991-false10.0.1.12-8089- 23542300x8000000000000000213361Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=724317496C48DA999E15C9C211C1B8F7,SHA256=A0820C42B651A4BC65885B92CC5FABBE6D285F12C46C8B5FEB54C1D67983CFDB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213360Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E74B-615E-3A01-00000000FE01}2396C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213359Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213358Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213357Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213356Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213355Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213354Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213353Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213352Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213351Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213350Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E74B-615E-3A01-00000000FE01}2396C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213349Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E74B-615E-3A01-00000000FE01}2396C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213348Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.329{49C67628-E74B-615E-3A01-00000000FE01}2396C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238210Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:48.835{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B3FA6B756AC1F535656398256DC74F8,SHA256=A6A2939D9FCD158FA5B17B888085CB5FF05E864A2FAEBB0E9939D1C128FB944D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213379Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.626{49C67628-E74C-615E-3B01-00000000FE01}2440528C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213378Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D135C2D0B3F8FDA27157F43680D4CF7E,SHA256=C8C5D6019832E47274D1ECBC74558E802A4E602DDEC4B6584142F4B1D1CAADCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213377Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5F2362A96CB67F14CBCDCF80E2CB242A,SHA256=FD7FA5F8B6CA42DF7CBAD659679CE543F446F46090902A7D72956B8604F9B03D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213376Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CD0A7978901BD5C4D18BD6EB3A6C8125,SHA256=4CC88C017BD66CBCB9752D26F1C28675F7056E135D7740812B297E5701C4A109,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213375Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E74C-615E-3B01-00000000FE01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213374Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213373Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213372Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213371Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213370Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213369Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213368Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213367Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213366Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213365Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E74C-615E-3B01-00000000FE01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213364Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E74C-615E-3B01-00000000FE01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213363Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.439{49C67628-E74C-615E-3B01-00000000FE01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238211Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:49.837{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F09D72EED416E84043ADBE2218000A62,SHA256=3856BB24D4EB00AAC3DB3738D50002198D185BE392D31880A69C171DCDFC1577,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213394Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.876{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3ABE3C87E5542D48B29C836F6E79E5BD,SHA256=2805956F7FCBF2CE11598AB7F9FF0FBD11CF3480F9F76C18EC51DDE5375422E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213393Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.454{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5F2362A96CB67F14CBCDCF80E2CB242A,SHA256=FD7FA5F8B6CA42DF7CBAD659679CE543F446F46090902A7D72956B8604F9B03D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213392Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E74D-615E-3C01-00000000FE01}2860C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213391Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213390Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213389Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213388Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213387Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213386Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213385Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213384Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213383Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213382Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E74D-615E-3C01-00000000FE01}2860C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213381Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E74D-615E-3C01-00000000FE01}2860C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213380Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.111{49C67628-E74D-615E-3C01-00000000FE01}2860C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238212Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:50.868{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C256BAA377C4F5073B9D0283FDA64E47,SHA256=1B7CAC67CB45B933ABED400E0AC19DA15862E02350C83CAD55462395ED7D7BF7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213396Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:46.762{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49992-false10.0.1.12-8000- 23542300x8000000000000000213395Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:50.470{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61BBC80E360AB54B9422013B0DB493C7,SHA256=0637A9BE0CA68AD7EC3E3E01D907BAFA7C13BA36E62F824AF20F27C83BF20D8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238214Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:51.919{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=641DF474358ABE3226807036EC8CD794,SHA256=B5F5A5505F77D68DB4AF4F14E940A03D87AC467A94EB73A6A7C3C2F377A60C2E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213424Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E74F-615E-3E01-00000000FE01}1296C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213423Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213422Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213421Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213420Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213419Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213418Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213417Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213416Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213415Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213414Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E74F-615E-3E01-00000000FE01}1296C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213413Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E74F-615E-3E01-00000000FE01}1296C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213412Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.955{49C67628-E74F-615E-3E01-00000000FE01}1296C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213411Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.501{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEB14D9E69A658395791979739C42B16,SHA256=90FFC6108DF98B018B1CCF792BB0D39C650C75259E41EEF15DBDC204C0C35A7D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238213Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:49.961{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64815-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000213410Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.345{49C67628-E74F-615E-3D01-00000000FE01}27362264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213409Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E74F-615E-3D01-00000000FE01}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213408Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213407Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213406Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213405Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213404Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213403Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213402Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213401Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213400Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213399Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E74F-615E-3D01-00000000FE01}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213398Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E74F-615E-3D01-00000000FE01}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213397Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.158{49C67628-E74F-615E-3D01-00000000FE01}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238215Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:52.941{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA2F0B51934F572E48F48480D174B07E,SHA256=DBC653E3925563917F726864515B49D0763D336F12ED18D3D67C1F10E98F177E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213441Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.767{49C67628-E750-615E-3F01-00000000FE01}36884024C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213440Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E750-615E-3F01-00000000FE01}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213439Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213438Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213437Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213436Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213435Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213434Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213433Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213432Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213431Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213430Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E750-615E-3F01-00000000FE01}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213429Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E750-615E-3F01-00000000FE01}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213428Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.627{49C67628-E750-615E-3F01-00000000FE01}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213427Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.548{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4DF118D05F950522F6E8EC1A995441F,SHA256=D66BE542531C69BDDB919A4F2353F015952B088D3A59FB4C14F0343D503150BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213426Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.189{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=05546354BD401587912C544BAFE40A89,SHA256=83E874B56D8ACCF52B9F2F86CAE97CD0E18F6075CAF8B0C3C848457F7EF0F021,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213425Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.126{49C67628-E74F-615E-3E01-00000000FE01}1296664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238216Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:53.942{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0EA35739D5BC214FB53BFF38EED7346,SHA256=EBEAA03AD8FCD6A85B0C87A4C07B40693559CEF05EB8ECC0439AD1FE45F16984,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213456Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.845{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BBFB28D21C554E203E100E92F19210BC,SHA256=3B57026287C3761B3CAB3C6465C3A331F3B8AFD61425B67575FFDEF66AABD8DE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213455Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E751-615E-4001-00000000FE01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213454Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213453Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213452Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213451Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213450Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213449Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213448Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213447Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213446Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213445Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E751-615E-4001-00000000FE01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213444Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E751-615E-4001-00000000FE01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213443Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E751-615E-4001-00000000FE01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213442Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.579{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3B21732F26995CB1B7D34919126BD9EC,SHA256=EE2FF1544A71590E0681B62FA0140BC90BA0F2872A4780E9305C7C1C4F9C4EFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213457Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:54.814{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5D44992124D4F8290A957F1182A2620,SHA256=A4190134BFD58F99C7B052B7BEE28123B94C6D47AE7CC76B52AA75B94197BC6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238217Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:54.942{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5644FC10A1AA5C87D1BB0461FB22E9E1,SHA256=A6FBCC2FC00B7954833545CE7C25CB4C1EA0211A5282856145F735C4D8985DDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213458Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:55.845{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=512F5B3F9C629FA31DF81DB819C65957,SHA256=4FE6A55965D1AAC427EDDBED6D06CE6A8BDD22C80F65BA8E0C9CD523F11F2228,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238218Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:55.957{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=066909A9C7F350F14A1BD85F30E1FF74,SHA256=4165AA26E29FE35B7A587B5C01ECCEB1D5C8E9850DEA09EAE742F9FE2E1A3449,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238220Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:56.958{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CF3E89FF55641C5876665FC9C07743B,SHA256=7010BC389262896D08E3270E2D0822F56AD7323D4D2011C322B1886A13A58804,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213459Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.699{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49993-false10.0.1.12-8000- 354300x8000000000000000238219Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:55.032{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64816-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238221Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:57.973{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3EF29AD3E8D3387B8248C764F0B44C12,SHA256=51E3587B926EBBC21C02CA66AE1B8A12419DA5692EE66AF7F5FC24F4D6AD593C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213460Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:57.018{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0560B976F78811AD286A70EEA4FA317,SHA256=EFF90D62F0D1EA812F913BB1BD15EE6797B36881DFC312566601619229A16C84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238222Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:58.973{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6DCC81919779C3BBEBDED9798C2B76E,SHA256=005B06EFABDC6EFC22D264A94F68B2652AB9B6E8ADDBBEB9C6D2FA7754DAB903,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213461Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:58.127{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2398BEB60A34E51230937187B54B800C,SHA256=AD5EAE2733EC0C92FA4D9ADFC3D49959222F1B70DFD3FDF4E7AC815A1FC3BD84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238223Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:59.988{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E5CC9C33EE0D4F6C7C316F44D289E1C,SHA256=B5D613A2B83AF533770678902D6ECFB359231D34CA7069222D428320DF88763E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213462Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:59.252{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4A89B7C3B39252B84854AEDDD7760CA,SHA256=69528174D89448FBED19C70084FFFE10645E1C2606FF697FA0CDF067B34AC133,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213463Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:00.252{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E735FFF37FBDD50EF6C479D58FD76649,SHA256=667177DDE67DBF56ECD7FA973F6D1CEB9C81129EE5380787A0CB292795869EC2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213465Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:57.746{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49994-false10.0.1.12-8000- 23542300x8000000000000000213464Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:01.253{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7C16E77BDF529EF505F3E463E49F189,SHA256=875ECDA4A9BD1C9B4A84EF6E2FC5965462539AFFF4E25257BF5724AC8BB5A1B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238224Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:01.025{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DF59541EB9DE2AEE2DE0DDBADAF6E11,SHA256=9F4CCA72B53F8532AD32E36C6B52F2ABB41A43DB2C3CFADAB8010B8E38996B82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213466Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:02.253{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ABB8F41E7773DD83E582B251BA346153,SHA256=FEB253D7CA3DAC4F4759554432E5526433B9EC321985E963545B38E0FDCAD588,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238225Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:02.043{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=519FFEDB196CB940A8BF9E5944D767A2,SHA256=367DCD345AE85AE38EAE9AF7085A2661878391DB5B7664BFD3189B767583F3C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213467Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:03.253{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C15B889356263B1108B8042D87275152,SHA256=638A83D0C6FA7BA9E774B5D15E337BD13C83E16FB6720BE957D1E7EA04E40DF8,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238227Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:01.012{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64817-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238226Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:03.044{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94EFA36C03ED7518EC0AC6304EEE8782,SHA256=A710F40FBE336D5F991A4337B60053325A5161CFB687A452A1CAF1D6B7E5BD38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238228Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:04.079{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F7CD0A884992F799AD684AFEE43EBC4,SHA256=0CD0F474F876926878A64CAD72946F45B87A75547EA6B53A8EAD623A53821694,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213468Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:04.253{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=622DA0AB5BC53FC2C8C654C30C784D7C,SHA256=AEEF2039AE68CC28654419DF8FDA043E6789E8A7F957CB98DE095A6560DC0D11,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213470Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:02.762{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49995-false10.0.1.12-8000- 23542300x8000000000000000213469Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:05.253{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B06123AC3B4FE08423F9FD45CBFD2150,SHA256=B04D9970DBA02489A3D6527E9085ACF22F9FA35A2E98C0A5FDA72834296DB6FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238229Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:05.079{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9855267DA7B9790381C5D9F3E5CBF341,SHA256=9DEDC1BD73B1B463773BE8B203C2717440A8858B2571DEA894DA28759BB02E73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213471Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:06.253{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=298D608F5613DFA14052C4A9D396D586,SHA256=A0848B6645F3DC8942AEFFA1CF6AFAC50521AD126B3B0120B6D9A450108B4C5D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238238Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.473{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E75E-615E-8301-00000000FD01}2748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238237Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.473{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238236Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.473{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238235Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.473{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238234Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.473{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238233Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.473{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E75E-615E-8301-00000000FD01}2748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238232Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.473{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E75E-615E-8301-00000000FD01}2748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238231Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.473{6EDEAD03-E75E-615E-8301-00000000FD01}2748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238230Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.094{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AA2DA6FB91722D0023C29258F83D294,SHA256=75A9B7791DAA37631BAF6F473C6741937C4EF91878780E467842E604E470160A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238258Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.809{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E75F-615E-8501-00000000FD01}2880C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238257Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.809{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238256Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.809{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238255Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.809{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238254Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.809{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238253Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.809{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E75F-615E-8501-00000000FD01}2880C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x8000000000000000213472Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:07.253{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49F59E58CD616E868E61A8CF88E021F1,SHA256=4F81F9944574B60173DE923552DE92453DA031669337C1C255DDDD7F435C29C3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238252Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.809{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E75F-615E-8501-00000000FD01}2880C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238251Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.810{6EDEAD03-E75F-615E-8501-00000000FD01}2880C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238250Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.508{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=75119B871042C223EAB13C2A0EAA6E9C,SHA256=BD3D28484A3A6001092282DBA71B0DED9C5D7C362C177C4FEAED8995E90ED20F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238249Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.492{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A27EF0DDA121C46C845E846114B60034,SHA256=FC7492F38200279223FC06961223B488DF6443B3B92902E6FA9891F116A8CA70,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238248Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.404{6EDEAD03-E75F-615E-8401-00000000FD01}34686076C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238247Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.142{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E75F-615E-8401-00000000FD01}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238246Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.142{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238245Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.142{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238244Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.142{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238243Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.142{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238242Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.142{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E75F-615E-8401-00000000FD01}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238241Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.142{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E75F-615E-8401-00000000FD01}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238240Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.141{6EDEAD03-E75F-615E-8401-00000000FD01}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238239Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.120{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D74338566D5F15089C9B08E6E46A9637,SHA256=74E33077FA92DD6E5FE48ED1B93970D9E81F795DFE803DF3464F49CD0B3EE537,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213473Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:08.254{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=932D315E9006CD7CC33590FBA5322A8F,SHA256=7FF550765BF9328E422FDEBDAFB6548E32FF6E47BCD061A6A59EE8B2E3DB34D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238262Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:08.834{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=75119B871042C223EAB13C2A0EAA6E9C,SHA256=BD3D28484A3A6001092282DBA71B0DED9C5D7C362C177C4FEAED8995E90ED20F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238261Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.598{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64818-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000238260Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.598{6EDEAD03-E1B1-615E-2B00-00000000FD01}2968C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64818-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x8000000000000000238259Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:08.128{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A31E2F145330015FF2628396E0A44E8,SHA256=7A1CE51D2EAE361839E7BE0F5A88040CA4FB435505FF347DC41D3B5061741E40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213474Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:09.254{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71BB1178776D57B4BA729D47643AF819,SHA256=00846EC4F9EA0C33BE0DB6B8B9DE843B32DF1BEF2FCC280C72E4A8EED9AA9D5D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238272Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:09.933{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E761-615E-8601-00000000FD01}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238271Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:09.933{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238270Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:09.933{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238269Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:09.933{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238268Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:09.933{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238267Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:09.933{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E761-615E-8601-00000000FD01}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238266Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:09.933{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E761-615E-8601-00000000FD01}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238265Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:09.934{6EDEAD03-E761-615E-8601-00000000FD01}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000238264Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.945{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64819-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238263Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:09.153{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F40F284BCE41154D5AD1C3DDD03E1E0,SHA256=B2ABEA3F85A0F1E7247A30F11DDC863806DC9BB814475CCD758ADE14D2BA6C52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213475Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:10.254{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=881E05CEA435229C5709603C06061815,SHA256=E2B4BEE2785DAD630C5936270C98FC275F1441D579D576D1A0A7A12E16C2D801,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238275Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:10.952{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0EA582A9A71854FE8B944694BE0C7AD4,SHA256=FBBD666DDB76DD127A04748D9F9A9C091A74BE26175B43664345E741E717BE99,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238274Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:10.233{6EDEAD03-E761-615E-8601-00000000FD01}14886988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238273Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:10.186{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AD7B9529014ABA9F78F4077F4F91E80,SHA256=C7101C9BDE098EC310390859573C8625BD18CA513C59B783088CE97DA74CC851,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238294Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.987{6EDEAD03-E763-615E-8801-00000000FD01}61605136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238293Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.750{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E763-615E-8801-00000000FD01}6160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238292Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.750{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238291Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.750{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238290Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.750{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238289Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.750{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E763-615E-8801-00000000FD01}6160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238288Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.750{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238287Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.750{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E763-615E-8801-00000000FD01}6160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213476Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:11.270{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16F0F3C7AD236BEE5CEBF2DD5EB4526F,SHA256=F62C469A1CDA60A0C45B6D2272D23A397B66D92F36A286D6699169ECF08F18E3,IMPHASH=00000000000000000000000000000000falsetrue 154100x8000000000000000238286Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.750{6EDEAD03-E763-615E-8801-00000000FD01}6160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000238285Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.301{6EDEAD03-E763-615E-8701-00000000FD01}19724216C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238284Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.201{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C82B551884E0BEC8C1053A445687155E,SHA256=4E2EAE936953D90F006D081175E84FE02591D0506E54625617740A469F9B6F2A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238283Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.070{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E763-615E-8701-00000000FD01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238282Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.070{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E763-615E-8701-00000000FD01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238281Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.070{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238280Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.070{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238279Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.070{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E763-615E-8701-00000000FD01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238278Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.070{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238277Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.070{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238276Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.071{6EDEAD03-E763-615E-8701-00000000FD01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213479Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:12.633{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211007120136-023MD5=9D4F391515175B78F973C8B5B774DE70,SHA256=E6B13D39A78F2A37A848863A5E3913D5FD4B55347F92E521523460DA93139266,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213478Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:08.793{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49996-false10.0.1.12-8000- 23542300x8000000000000000213477Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:12.271{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD2CA49914343A7D5CB9176F9C3A1C4D,SHA256=AAEFCF958799327684A2C204733730A051FFBB651A0531961A54382258D77D6F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238304Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.539{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E764-615E-8901-00000000FD01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238303Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.539{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E764-615E-8901-00000000FD01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238302Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.539{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238301Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.539{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238300Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.539{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238299Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.539{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238298Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.539{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E764-615E-8901-00000000FD01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238297Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.540{6EDEAD03-E764-615E-8901-00000000FD01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238296Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.209{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C6E2ABC96D58CE50EE786FFB109AF54,SHA256=64F79C8BA4A91DF4B54A0588C51E8E1439AFBDA4BE72465A1AF07552D2ACD6E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238295Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.093{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=24D6C8415EA319297A248D5F1BFFAB14,SHA256=7AC088C037EA3AC8723DCBDE9F0CDB1BC3EE1136682FDCFE23DA27DA4D430751,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238307Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.164{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64820-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238306Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:13.539{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AAACF05473ED7F06AB4A3534583F86C6,SHA256=63FACFDAE61F3B43FE861F48893D79D6092C0118AF675E159A4EF5D33B38DC8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238305Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:13.224{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D8D0E402B1ECECA5AE9E01AF0BACAB4,SHA256=F0B4C667E0B337E0D8766DB4F0B93389901008128ADF2D51E878D9E810AD702B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213481Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:13.635{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211007120134-024MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213480Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:13.275{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9FC6C1B5903F2FFE05A32D0C2A8F6AA,SHA256=A79BF2212D8D028E7F0C61ADEB065C6BB45C66F0493A69512AC84677F1E9DAB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213482Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:14.280{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=87CA81E419EC0E9DD54D882D127EBC3C,SHA256=AD367BFA7207900C2236DEA7DBB2AC4867FA8D346D85C3048E56890F26D5A78E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238308Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:14.239{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85FBA838CF0658465CD65C067F649C8B,SHA256=D873A282FC46E809435681AAC5D81B1230147F590EC701FA83991E4F14FED511,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238309Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:15.254{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A889321BB76E2A3A2E36527087EF18AF,SHA256=2A67FE1CD2138F05068BA83FE340B90AA13E9DA21C1DF102E3BCDBD62BB45346,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213483Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:15.280{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50EA6E14874EE33EB2B3277AAAC8C0B6,SHA256=4601A7355A6A296BF0CD0BE3CEE4821263E28CD0766F55BE2C636237E2CB06BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238310Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:16.254{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F98F04581B811145DFD012D4175611C,SHA256=30C6B6B49E8386435AD08C355A687B24CBC21E2C3FEC3E6A47E8942C8FBB6C7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213484Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:16.280{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10BD4E622D28CE14360F8B90CAAD9F87,SHA256=B0A59A485A4B932E7B095C4D4CB883FD1DB1C5D74725205B3A6DB192B2F5B1A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238311Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:17.274{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B6CA2273A04E499C63D01E6921F06ECC,SHA256=6D20E7DC09321F8F64562B5979A5843543577E1E95C3C7ED367F9E8A256A7875,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213485Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:17.280{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=239F6282A497BA92984150661FDBE4E0,SHA256=E382BDA35767F2D9C7C33A6CE00CD5810D87BA3D75B63A3399A87F39EFEBA129,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238312Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:18.293{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A5CC6CDB198429A39082B1945A20390,SHA256=EC187EF0AF9106890455888F2224F426CD60DADAF5C00125CE2355F7CE94D14A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213487Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:18.281{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D41BA10D4A4B87D4391E22F9926DD43E,SHA256=C29346C87596B5CD4BD85DE9D325017BBD2D991C8EEA4BCBBE7AF55D5B6D3C1F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213486Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:14.678{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49997-false10.0.1.12-8000- 354300x8000000000000000238314Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:18.001{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64821-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238313Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:19.312{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=750720B169EAE2C4B51BAC31268B3019,SHA256=1FD45F19F532377F858528F00BA8BD555D74568800BDD0CE71EAD9D1393621BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213488Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:19.281{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4DD6F106992B3293BBAAF76EC8F2B624,SHA256=FCA65326A3FA42679F19E9E6355035A5C17E4BF8319470F2829617249EFC28F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213489Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:20.281{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DE6578A75C0BE0DE40469DDAD99BEC3,SHA256=A3A2FCC3377B1B7A6D8774C248B432636762849F2E079EE5E697768C96BC2D00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238315Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:20.315{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C76150DD315A6F7A9622FC84458B8B8,SHA256=18667B5CC712113A83A28709DC33DEA963926F5081EEE9D932697507D2F3E64D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213490Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:21.281{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADAAFBAF5275FCAC88A8DCEABADB6E32,SHA256=00B01AD60C28122CDD06362F96740E20B4DF0AB98715E0FBAEBE0410784ACF26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238316Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:21.331{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE7A914B8F2FFC0EB87F2AC1DD58B70F,SHA256=4FAD607227EF252623640A99CB6E962612C101EF14771C418AE2CDAEED2BCF77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213491Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:22.375{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EC246EC73FA01454F3F48B7466BB7D9,SHA256=596A9053878DD63956E52A74F4F05C022D8A9031A6EFC1AAE52A7D2496DA9BB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238317Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:22.346{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2BF2EA0DC975C99E4D0ED6FAF26805C,SHA256=65BF59F4AECC2E83DC07EB2682AA49DE0299B6D765164CB0A397BE65C9F5DA09,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213493Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:19.694{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49998-false10.0.1.12-8000- 23542300x8000000000000000213492Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:23.406{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5576837FD005EF7B57ACB8A548AD6808,SHA256=559C655BA4769B222241B8BECEC5F6810ADD89B016FEF73AC381045D00D482A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238318Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:23.348{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1FACD7F4371E76FA20355EF9BFF0B70,SHA256=42D5CB1E352AE2CB7F7268F64261F3B2F9C828CE50E660CC7F3CECE46AD3515B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213494Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:24.438{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27BDF55213992E108D661B2E280E05DC,SHA256=8301F27849B0BC662D2AB7B38D9CB82E0304DF70211EDDA15087D3FCBEF4DC48,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238320Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:23.070{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64822-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238319Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:24.365{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D74172B882CD67D02D60F1B96039DE06,SHA256=273163B821BF612509B22EBEB862AE08E87C223A579438ACFC94336A1AE2A5AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213495Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:25.453{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D14F9094DAB613625277F7A30A7E80AF,SHA256=F0424FE8B1AF2D80D50D4277200C906FCB4630E498C54761F6282A93229A7539,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238321Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:25.372{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB57BD06DEBAD4C4F6FB7AB9A1B8B6DD,SHA256=DA6FFEE158A87EE87DFCED7A60DE7DA7F307363C99C3192E050F4408886482E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213496Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:26.469{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C0EA97CD13346E30587A44C40CBB9F8,SHA256=BECCD129125ACFB568DA4EBB7E4EB8ADDB8C40AA887A9552D062882A4C98F92D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238322Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:26.374{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1A4DB5D8FA64E4676184297CD8BBB92,SHA256=B471CC8C402EC9EBF51A47308C2DE11BE18CF7A1FB88AE9FA9DC660F69A9CFA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238323Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:27.375{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34AE78A3FA290A62664567003652A5DC,SHA256=47AB867BB7F6B81E397CDAE9A8B45FABE36A04EFE5B499971337C19D1B3E8D30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213497Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:27.469{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BEBAD10A2D930571F69A06D033A21A4,SHA256=0D8BBD2994F61D713B23A2175097733D06BEAF03F2D5805E2B856D9408A97916,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238324Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:28.415{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F1E6EB373E6FC769576E238ED25287E,SHA256=A5E27F0CD0A229DE0FA2CA4CCB94D7F442236D492DCF37E161BBEB647E14A202,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213498Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:28.469{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCDF58FE73F9CC471603010586AA1B37,SHA256=4553D3481E873A89F36E1B9F18233E60F85C404C2843C8BC245193E060A2A944,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213500Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:25.679{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49999-false10.0.1.12-8000- 23542300x8000000000000000213499Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:29.470{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1C08B4EB3F8549C3D677C011F1084DF,SHA256=B75AB48D654465020427054CF82261581ABCF3FC794954AD4A37F4ACEB2B7BEA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238326Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:28.155{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64823-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238325Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:29.417{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39A6254597D37D11059DB543EAEBACB0,SHA256=312A1166FC5D02BB8334387F98430C27898B214568338C4CEE4F8F87D3A0AC0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213501Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:30.470{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5CB72091923457E8166DD3E8C7649F7A,SHA256=F67D273FE723EC97A91CB16460DDEAE32243E4079F8A10B65BC9C9FECC5622BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238328Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:30.919{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211007120155-023MD5=CF99E2CB113D8D2DCF43ED5FD96B633A,SHA256=1FA348E6AF774F9DE3BF8065B0725E0F0BD5741AF42D4AB3E9893B22D98D3DA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238327Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:30.417{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=451B2EAC696E90182E26ADB766546EBA,SHA256=D30C8B0E59DD0E861C655E7DCC03908C2679373C209D63FCB1C2DC587C8009F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213502Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:31.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F15582FF00DD5CB566FD2CBEAD8D0AF,SHA256=EB21D028BC8B89755F47F012C10341A13241A5FC2190DF4A6340EC65760C2980,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238330Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:31.921{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211007120153-024MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238329Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:31.419{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=69A91EF6286B566381259D9F5C461A18,SHA256=1E1C6D938F5D5862691072487E02C013838F8696029401EAD0A87EB0D042AE6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213503Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:32.595{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2280963E68B46FE538E1047B3DC7475,SHA256=9B5BFFB22ADA9D43E120464515CBE6ACC90BC7E86DAC2FA4E1C1A8CA14E0C92D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238331Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:32.430{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=988AD135BF9B00A640B1BED8899FECFA,SHA256=EED8EAA8C983117CD2855D6076A7C96EB2042EC172BCF7B764696E7F52AAC006,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213504Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:33.689{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17565C6F00F867AC6EFD961C89C326BA,SHA256=B9CA3E546365B1822603DB4B3245D0D5E1609006261585FDF64DB94F011F0CC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238332Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:33.439{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07A4B6C1738B450DBA52ED1FF8B4D0A0,SHA256=463FED8E2BE423A30CA138160EF4C6365E8D1032076A3FFC5FF36133A8575C36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213505Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:34.705{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13EF9219F75EA5DFD8CFCAABAEC9A233,SHA256=BC4983D46B24856124D22ACF88D94417615998BD75595BEA15185B9525E67576,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238333Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:34.455{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1DC44DC9BAA7AD9894BF32E2D64BEE91,SHA256=C1680FDC8E4219DD69AF9EAB53B5C832F1964B265006FFED7104DF82D2A2223C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213508Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:35.783{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06B0C8FA203E3FE446B6877C216239B2,SHA256=0C89CDF0AB8B04360140F2E2C12AFE18751F42623BE8796AB37A0B3178414914,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238334Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:35.456{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C2C5BD43A34198D9327EC94F1A72601,SHA256=AFD18079D991EEF576F7A1B4572D46BBBABA22D1698B62F98AE3A6AAC15E9422,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213507Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:31.663{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50000-false10.0.1.12-8000- 23542300x8000000000000000213506Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:35.017{49C67628-E19D-615E-1200-00000000FE01}980NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=36FB338EABC33FEA43192B32D395D089,SHA256=A8F42CD665ABAA873F515A6B3E35C03F3774818E786A5FAEC9DE04419DEF1907,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213509Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:36.955{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A4AEB21885D4ABB8FE8CF34D44B44BD0,SHA256=2DA72F496C805E9CB17B1315575A44FC5199098506C5187F6DD572BD33853780,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238336Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:36.457{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCA1B2CFED20D29E24D7E7C4A93F5E42,SHA256=0C5494A3AECF837988DE78F75C12BFD09B6911B957D75F59A30C22C72DF8B640,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238335Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:33.995{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64824-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000213520Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:37.979{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BFED45BD3E1B5DCFF0BB2CFEF3F6E28,SHA256=5298402E2CC7D0D5760D0739722038957C46D1FAA4EBBDD8BDB3E3E04D4283B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238338Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:37.473{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C294C2596644E32764B56E8F33283AF7,SHA256=119C16898E3AD97FF5D32758689E0F133506238E290918808D8CFFE9AF0E68F6,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000213519Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000213518Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00170177) 13241300x8000000000000000213517Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7bb6e-0x30e10b3c) 13241300x8000000000000000213516Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7bb76-0x92a5733c) 13241300x8000000000000000213515Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7bb7e-0xf469db3c) 13241300x8000000000000000213514Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000213513Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00170177) 13241300x8000000000000000213512Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7bb6e-0x30e10b3c) 13241300x8000000000000000213511Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7bb76-0x92a5733c) 13241300x8000000000000000213510Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7bb7e-0xf469db3c) 23542300x8000000000000000238337Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:37.111{6EDEAD03-E1A0-615E-1000-00000000FD01}372NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=D4DD775D01783C537F4B6617E20264B6,SHA256=DE1E6103D9FE9D42F5709B3E6E00BB74671B730976A114057180313B06F778C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238349Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:38.510{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64EF2A63333AEBC81F9220881516F44A,SHA256=3FDAD9C86CE5752CE7B8D4639CBAFCF35D0DC2AD417A6D120106495D7C4386E6,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000238348Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000238347Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x001705cc) 13241300x8000000000000000238346Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7bb6e-0x315489af) 13241300x8000000000000000238345Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7bb76-0x9318f1af) 13241300x8000000000000000238344Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7bb7e-0xf4dd59af) 13241300x8000000000000000238343Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000238342Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x001705cc) 13241300x8000000000000000238341Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7bb6e-0x315489af) 13241300x8000000000000000238340Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7bb76-0x9318f1af) 13241300x8000000000000000238339Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7bb7e-0xf4dd59af) 23542300x8000000000000000238350Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:39.542{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54F018C8962D5F03027B0CE1399B281E,SHA256=38AF436ADD468CD5F0A56D452DA6573B173987964AD277696E5596B648772A65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213521Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:39.198{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B4DF44DDE877BA0AA602AB56ECFDD82,SHA256=3737AA4B5C3496F5DBB27335A0A1CB1DD193EACDEDE1B7313C25048E2C0FC5FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238352Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:40.590{6EDEAD03-E1B0-615E-2800-00000000FD01}2904NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238351Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:40.557{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18053652D5775A946E111D79BD0BE96E,SHA256=E7344CA3B5B32613CBBFAB798673592576672EA3171CDF8F0F9245B76FE99915,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213526Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:40.292{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3916D35184D135B79BD397901D8A8FDF,SHA256=D70C3F2BFF540AC4C61A9973D39F54CAA808CFA0805CE273D78377F35A817F18,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213525Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:36.420{49C67628-E19F-615E-3700-00000000FE01}340C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50004-false169.254.169.254-80http 354300x8000000000000000213524Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:36.293{49C67628-E19F-615E-3700-00000000FE01}340C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50003-false169.254.169.254-80http 354300x8000000000000000213523Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:36.259{49C67628-E19F-615E-3700-00000000FE01}340C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50002-false169.254.169.254-80http 354300x8000000000000000213522Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:36.258{49C67628-E19F-615E-3700-00000000FE01}340C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50001-false169.254.169.254-80http 23542300x8000000000000000238354Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:41.572{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D16ADA53A12ED07FEB24850AACD5B55,SHA256=74D4CAE6D5EDA6C5F5EFD31DA0E18843CC07A2422AA5AE9E8DD64697A1B851C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213528Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:41.292{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B638465CA091D1CF5FD4681A34D8E625,SHA256=91FE8AA9232EF96A176373192CEBA61A91A701BB3F9558F98BF9FB3FC06707A2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238353Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:39.050{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64825-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000213527Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:36.672{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50005-false10.0.1.12-8000- 23542300x8000000000000000238356Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:42.574{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=010BC9A9B09C6F2A93EFFFEF973034E8,SHA256=D3A4794FF4BDF165818F8F64787EE049B7FEF00D8C04812CE940C2FF896903B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213529Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:42.292{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BFB5286FF5E1288345334D3879307C55,SHA256=3D0C9A125D14BB6213791FD69F8D9EB0D625691A1EA8D70B4983EF1A49510E1F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238355Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:40.481{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64826-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000238357Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:43.575{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A4C5D545E26416F175E6453B01ADE15,SHA256=FB12906ED71764BC88CF46A1FFFEF6076F5A259EBBABEA7C9CE8D309AB81654C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213530Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:43.292{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C3C44556DFBEF9EFF3438BF69EF2BEE,SHA256=63316721FDB38B0F01A4CA9AADB09CB62F29D37CDB969341B87A2C8A55244268,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238358Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:44.576{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EE8E65BBBF1BF9F149570205A207FF7,SHA256=460B37F758728B9E62CCC7EC0F3B28F787A400A9CC9910C6111725AEF95F944F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213531Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:44.292{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B11B0FE3892CEB1597AA4267611E292F,SHA256=6F90CD177B6C8AAA4C3B81E6CB524AFB4942B2961E9292A4864E42936FE400C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238359Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:45.611{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25E7DA0476449CBC36C465C8CD4D7FAA,SHA256=0F981F21C8B86CD10E8C7027CE24C5BF0163836C22DA77CA98B1B282656CE477,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213534Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:45.855{49C67628-E19D-615E-1D00-00000000FE01}1960NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213533Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:45.293{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD268BFE1C4C2136730371F5AE41B121,SHA256=B71EA31CDF40FD55FB15864CD591C65B52EB6B52B46F5FC2CF48DCA706C5BE8A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213532Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:41.719{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50006-false10.0.1.12-8000- 23542300x8000000000000000238361Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:46.660{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E82C584B5D49D55B95EC315CED739530,SHA256=21BDAFD46E3B031FC9826873B8AB449DDBDF4E4224D8A1FF82FAF4BEA45E0563,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213535Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:46.293{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=048EEA58251021730F134CDA1CF2C78C,SHA256=4C2F3C0F3770682D942B7C9D3D974E99ED81FC867E2E27B97EF3A91C7C9E0C3B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238360Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:44.069{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64827-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000213549Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E787-615E-4101-00000000FE01}1220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213548Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213547Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213546Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213545Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213544Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213543Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213542Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213541Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213540Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213539Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E787-615E-4101-00000000FE01}1220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213538Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E787-615E-4101-00000000FE01}1220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213537Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E787-615E-4101-00000000FE01}1220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213536Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.293{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75E9921C6E1846C0280197C297695E1D,SHA256=5E769D6C77836653F18F742CE77514247E516D9FE54DA9AC017151EF37067193,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238392Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238391Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238390Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238389Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238388Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238387Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238386Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238385Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238384Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238383Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238382Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238381Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238380Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238379Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238378Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238377Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238376Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1100-00000000FD01}424C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238375Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1100-00000000FD01}424C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238374Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238373Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238372Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238371Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238370Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238369Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238368Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238367Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238366Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238365Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238364Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238363Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E1B1-615E-2A00-00000000FD01}2956C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238362Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E1B1-615E-2A00-00000000FD01}2956C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213567Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.652{49C67628-E788-615E-4201-00000000FE01}29361312C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213566Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E788-615E-4201-00000000FE01}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213565Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213564Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213563Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213562Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213561Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213560Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213559Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213558Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213557Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213556Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E788-615E-4201-00000000FE01}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213555Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E788-615E-4201-00000000FE01}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213554Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E788-615E-4201-00000000FE01}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213553Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.371{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=75CDF3E201C8B603C23F7E1E817CC480,SHA256=8767131EF48B93B60BF3C46798597F318B69B1C9EA8B923DBAD7C4C97BF36A22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213552Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.371{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3346BDC49542EB102F0E1800109CAA56,SHA256=130F231D11FB18D97C0033E96672B1224C4CD8D605EBFF829B8308333A23DDEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213551Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.293{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8AFD7007AD4C687E50108B56480F8E3,SHA256=125057334B4B844E7F0619362D997B5DB2C21D278218BA91F248DED6EA8C9B0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238393Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:48.012{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDA8301BE230F3D067B6DEB70BB74C43,SHA256=ADB7C43E65029B25B63D8515C0692173E616C6A2169AF4A9F14B559D5CC1D677,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213550Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:44.422{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50007-false10.0.1.12-8089- 23542300x8000000000000000213582Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.715{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5FAE9DABD0AC12F29EDA4EC29E15BD50,SHA256=0CF707E1B35851EE907DC8A6FECB6636303CBF506476191DEAC667F00325B987,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213581Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.715{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=75CDF3E201C8B603C23F7E1E817CC480,SHA256=8767131EF48B93B60BF3C46798597F318B69B1C9EA8B923DBAD7C4C97BF36A22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238394Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:49.032{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1FCFBA8988E50753FCC593C23F0CC45B,SHA256=6DB6E558A1F2A02C992E81C0ED399FEF67A1B91304350088012CAA370AD59A90,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213580Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E789-615E-4301-00000000FE01}1284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213579Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213578Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213577Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213576Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213575Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213574Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213573Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213572Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213571Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213570Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E789-615E-4301-00000000FE01}1284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213569Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E789-615E-4301-00000000FE01}1284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213568Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E789-615E-4301-00000000FE01}1284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213584Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:50.716{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21B6247E11D27445A5F931AE56FD8DAF,SHA256=46B5F93DF2AFC3F045C5E251833FF5D95300E3DB3FB6A97D3C9A4A7561471394,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238395Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:50.047{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85FC562DAD44ED53EDAE9DD338BD52F3,SHA256=38CB8A67C05438D86057A5480AEC77A2686B1BFF24F7F71C0A488861C3E246EB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213583Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.594{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50008-false10.0.1.12-8000- 10341000x8000000000000000213612Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E78B-615E-4501-00000000FE01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213611Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213610Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213609Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213608Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213607Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213606Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213605Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213604Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213603Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213602Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E78B-615E-4501-00000000FE01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213601Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E78B-615E-4501-00000000FE01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213600Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.966{49C67628-E78B-615E-4501-00000000FE01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213599Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.731{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9DD1BD6F5EC9F49EBADF32D79E76052,SHA256=F50AD1D4475DEE0D74A1A7D43A5CEF3986CBAF7F8A6362849987367F6C7447D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238397Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:51.179{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238396Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:51.049{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D73A560895B139C36FE273618E445C1B,SHA256=B9B51B30B71A1D353F478B81DC0BAD8DDF52AA7501C1678125B189B60E15BD2F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213598Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.340{49C67628-E78B-615E-4401-00000000FE01}25003808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213597Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E78B-615E-4401-00000000FE01}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213596Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213595Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213594Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213593Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213592Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213591Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213590Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213589Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213588Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213587Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E78B-615E-4401-00000000FE01}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213586Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E78B-615E-4401-00000000FE01}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213585Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.169{49C67628-E78B-615E-4401-00000000FE01}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213629Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.840{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E29ACC3E54C20203AFE93AFD2DBA5AB,SHA256=E4B04A4C606FF278062DEAD03DFC846EF5A9EC7E95834AB2DB6EECEF7A7C99A3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238399Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:50.073{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64828-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238398Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:52.050{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22C6E032D6C0E49CE9233C839F193AD5,SHA256=EC3B708441F983174415CFEA0F31D2336B660A4C830EE4465F72B9D84465B907,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213628Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.606{49C67628-E78C-615E-4601-00000000FE01}33842036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213627Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E78C-615E-4601-00000000FE01}3384C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213626Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213625Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213624Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213623Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213622Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213621Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213620Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213619Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213618Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213617Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E78C-615E-4601-00000000FE01}3384C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213616Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E78C-615E-4601-00000000FE01}3384C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213615Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.466{49C67628-E78C-615E-4601-00000000FE01}3384C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000213614Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.200{49C67628-E78B-615E-4501-00000000FE01}30763204C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213613Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.168{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=10966ED3013957729BE4968EACEB46A1,SHA256=6AA212C0C89EADCE275709CE50CB12647BB6B7A3ADDD906EE24086C43B5CEAB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238400Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:53.095{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0FF2CFDB53D1E2C970522EE0305A6DA9,SHA256=BF97735EC25EFB2F00D8255F96059F0D4BC7A3D4E0C87989C01DDEAC9C76F384,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213643Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.700{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FECE1035FC3D7EFCD7B6F3886F679F9A,SHA256=F60C8E3C33941913725EB02D68BE92C440A15A22228611E2A6B49E2BE3C8840F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213642Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E78D-615E-4701-00000000FE01}3880C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213641Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213640Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213639Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213638Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213637Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213636Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213635Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213634Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213633Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213632Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E78D-615E-4701-00000000FE01}3880C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213631Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E78D-615E-4701-00000000FE01}3880C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213630Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E78D-615E-4701-00000000FE01}3880C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238401Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:54.098{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FA0F76D05BB1D6D0893654A34D3B7A0,SHA256=ABECA112D821D9FBBD2B39CF163EAFC8001D994BBD64DAB56F0F5F1413C63A2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213644Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.997{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D105BBDA343D32C81AF35C582B910E0,SHA256=AAF3BBDC32BE41705A351A7C3B66DC2FFB999C37A2095BE4C466884885F6AAE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238402Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:55.117{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85E8DCC8577CD1960EEFAFB669029404,SHA256=F912D960C1042A8A87D31A0D93FCA42B50738B6249647C7231573686207FD699,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213645Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:55.028{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D29477C2400AB6EAF79C4ADC4ECEE2DB,SHA256=0EDA9C877790F8997B630E31BBC8F5069B97E21DB3D6A76782710A18C0B7463F,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000238404Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:56.835{6EDEAD03-E1A0-615E-1100-00000000FD01}424C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7bb76-0x9e602f26) 23542300x8000000000000000238403Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:56.137{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13B554A308C1D5CA672B61EB939BF60C,SHA256=BE9B694E84C589AC6AB6AA0C5744D7F90CCF62C9B418BD945B78D74FBDF6FB1B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213647Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.672{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50009-false10.0.1.12-8000- 23542300x8000000000000000213646Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:56.044{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7614CC8901B0213B0664F722427FC3B,SHA256=949C83B667DF2316608704D2D4FBA426D325FF1C2EDE684F56104BCA370F6166,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213648Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:57.263{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D60E73453DE43C48C058B9F0A04B98B1,SHA256=9E73B5993D02FAE54A1CF977F7F2C3EE15C6B8D6B81C9FE40B4CA97E057190BA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238409Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:56.043{6EDEAD03-E1B3-615E-3F00-00000000FD01}3412C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64832-false169.254.169.254-80http 354300x8000000000000000238408Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:55.961{6EDEAD03-E1B3-615E-3F00-00000000FD01}3412C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64831-false169.254.169.254-80http 354300x8000000000000000238407Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:55.906{6EDEAD03-E1B3-615E-3F00-00000000FD01}3412C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64830-false169.254.169.254-80http 354300x8000000000000000238406Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:55.904{6EDEAD03-E1B3-615E-3F00-00000000FD01}3412C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64829-false169.254.169.254-80http 23542300x8000000000000000238405Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:57.151{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F850A7C7B61FBA7672B699B69955ABF8,SHA256=9F6C6096D9B612AB0D16E855FBC52A2F2B8A7EE508309A152F921AF3A3B29878,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213649Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:58.310{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54A9F53350DDB9BB3C63FAC90D51FAF2,SHA256=51DCB93BB137BAB284470267C72407868AF6FEB7FF9BF7A99C774D214574F510,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238411Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:56.076{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64833-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238410Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:58.153{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=501C70AF8D21B1DFFE2ECDEB06F3067A,SHA256=3AAB6D91470C48A36F44CE0A9B4FC818A4240F8340AC7A084894CC7A09BAF201,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213650Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:59.341{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52455F13EBA2F288A4943C546CFFF0F8,SHA256=1CEE98BE135F24243C73F48686485578DE4E76FF086765D5218E85C3C68D47AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238412Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:59.184{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EEEAA7E4BAB8A15B377D94995E672739,SHA256=5B2810A35BCE2528BA79F1541529E1B146007116A7082F4ABDB36360496AE925,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238413Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:00.193{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D280410F3DA3977E2452ADBA98650CF,SHA256=CB41AA1AEBAABDD78EBFE8E0876C5D3FB18F0F73D234B1D6DEF7F2272A3E4D97,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213652Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:57.782{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50010-false10.0.1.12-8000- 23542300x8000000000000000213651Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:00.341{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25C0271E3CB70156DE1DC71B69A9CC6B,SHA256=55E41E914252E9BEAD80DD183D2736D3AE7EB673B374421B5B8950DE34AD46D3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238415Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:01.792{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1600-00000000FD01}1280C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238414Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:01.208{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D1587970D43399D42AFED97E44B97F9,SHA256=4CCC24119ED6653CAAA56A408BF7142460B6FC2FFD8160CADF512C8B888C784E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213653Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:01.341{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0116971D4FC98AB2993A94AB0996A64,SHA256=004F3C900C1A0DE5F4B6D17EEC8297E3EB15ED242B699E8E4667807E1245C292,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213654Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:02.341{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A6BF4E290DB99907CC371902BBFBC61,SHA256=E92515BF6CA0BEE70A9D9DC455BC5955EF397A4011B42DDD79690B274A5E8BE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238416Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:02.226{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15432CD95083740B016BE92146042FA2,SHA256=626868C8961D8905667C26F33ADB22EB9E3427E4105D4E79FB8EC1026C57602E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213655Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:03.341{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=832711055AEF3A367EFAB7EF121D1CC0,SHA256=7E9637818ED351F30223D7AD911291AB19AA79061EE72C7C592ED39C84796FE3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238418Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:02.068{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64834-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238417Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:03.244{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2E6A5F58D64F30E336A45CBA50A946C,SHA256=264B0619CBDE28B8BC4547339AFC492F97A28B2B1B84554F8214BD570DD0E6A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213656Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:04.341{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC33A05F9C3758A0A4934673150B4B1A,SHA256=C154A4CA32327A32950EAB005D744C9104EA6C12013A6653FE436D5A9E40D7D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238421Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:04.676{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=9DF33AADB22E7175BCB3C9CB634CCBFB,SHA256=1D95CEAACA5BF4853B26455D2EA62744D5DDD3F6A716D49F9A8ADEE08E47DFCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238420Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:04.676{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=A17C7F17C3CB3B56553E72BFEE575574,SHA256=19C40CAA4E5B4E4F0F36D87C7F1C705B96BC554C2707721752C97E42EF3D9F2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238419Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:04.244{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0A38C16360F6FB68CABAB1FBA3B65F3,SHA256=62B0CA6BE1F2A3335E7F394459FE33D1FE0B9DF0AB7D1DF60FB618F0F2162280,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213658Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:02.813{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50011-false10.0.1.12-8000- 23542300x8000000000000000213657Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:05.342{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0A444CEFCB76E500EBE5751908A15A1,SHA256=E9779C19C54C2E1F18AD357846272265BD190671394C1B563019CEC7426F3135,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238422Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:05.276{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=738698E528CFD23C4973468E911E9C11,SHA256=4227D2C89D5977ECDD034AC755C2792E536E4271B68B6C5195B53CB1E084A67A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213659Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:06.342{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE86524E7151470B0FAD09AEE509B3CD,SHA256=761C0FE3077468B843CE978734FA15A4C9FD32B86F8CA4338D4B1946C8E0F6EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238431Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.407{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E79A-615E-8A01-00000000FD01}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238430Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.407{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238429Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.407{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238428Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.407{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238427Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.407{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238426Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.407{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E79A-615E-8A01-00000000FD01}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238425Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.407{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E79A-615E-8A01-00000000FD01}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238424Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.408{6EDEAD03-E79A-615E-8A01-00000000FD01}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238423Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.276{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FCD843C02FE7B6B836A22856237889B,SHA256=1AD750AC264484B92B8B9B4D60D4172B40BC16818685DE9B6F6EDA3C478C328A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238451Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.747{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E79B-615E-8C01-00000000FD01}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238450Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.747{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238449Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.747{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238448Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.747{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238447Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.747{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238446Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.747{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E79B-615E-8C01-00000000FD01}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238445Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.747{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E79B-615E-8C01-00000000FD01}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238444Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.747{6EDEAD03-E79B-615E-8C01-00000000FD01}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238443Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.409{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B34D8A6375DD2DED5E730DDE2744B0A9,SHA256=AD1094DCE972E32A6E4F882630E21CA852F4C5EF5AF594C36685812E69543DAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238442Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.409{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=74DBF34A94BE69AA6E6DB0B7B025B241,SHA256=F40C7B1B7D7775C09D9934073F777F126388178B482640E2A59B7AA6434DCB0B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238441Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.277{6EDEAD03-E79B-615E-8B01-00000000FD01}69525752C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238440Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.277{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4F88625C4EB3BEBFEA4616A1C645307,SHA256=82DFDA58B99D694DEEC05FFA0146F4B39247DBE7253187181BEE7D5D6C969D67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213660Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:07.342{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=561A6E5A131D943494BF4D57758D31F5,SHA256=92CB480F637ABA65EDDF3D300234ADDB156CF55760FCE03496F484BAC060D6C5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238439Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.078{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E79B-615E-8B01-00000000FD01}6952C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238438Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.078{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238437Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.078{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238436Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.078{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238435Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.078{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238434Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.078{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E79B-615E-8B01-00000000FD01}6952C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238433Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.078{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E79B-615E-8B01-00000000FD01}6952C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238432Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.078{6EDEAD03-E79B-615E-8B01-00000000FD01}6952C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213661Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:08.342{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=242CBDAB6DBC786368E8F2473E625BAB,SHA256=AE842CBC9BBF3FCF7F7601F39BFEDDF5FC89075BCE7755DDF0DE81683C9AB12C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238455Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:08.777{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B34D8A6375DD2DED5E730DDE2744B0A9,SHA256=AD1094DCE972E32A6E4F882630E21CA852F4C5EF5AF594C36685812E69543DAA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238454Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.617{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64835-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000238453Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.617{6EDEAD03-E1B1-615E-2B00-00000000FD01}2968C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64835-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x8000000000000000238452Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:08.293{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E666BB693E94DCA596B5DDBF040AAECF,SHA256=94FEA73537890DDE81411725E91561B6F85550F39843B56F019067712F71B625,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213662Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:09.342{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D2EF5F0083FC299E0B53A7EB93DD66E,SHA256=FBD44292E9056F9D5FC4BAF129DD5E08BC7F286E709AE9D4083FD3E00E6E0401,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238468Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.956{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E79D-615E-8D01-00000000FD01}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238467Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.956{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238466Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.956{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238465Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.956{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238464Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.956{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238463Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.956{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E79D-615E-8D01-00000000FD01}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238462Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.956{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E79D-615E-8D01-00000000FD01}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238461Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.957{6EDEAD03-E79D-615E-8D01-00000000FD01}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x8000000000000000238460Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:27:09.876{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\8EFF07E0-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_8EFF07E0-0000-0000-0000-100000000000.XML 13241300x8000000000000000238459Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:27:09.856{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Config SourceDWORD (0x00000001) 13241300x8000000000000000238458Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:27:09.856{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_3921F692-FD43-40E6-838A-1597F7469C61.XML 354300x8000000000000000238457Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.167{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64836-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238456Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.319{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA219757324D130FA549AA0763F89C2F,SHA256=08D83C76DA24ACFAE26E7F819ABA2D7739166EDA4CA87E80D71E64B5ECB08F56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213663Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:10.342{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51C3FDDBD633ABA74A43196CF008DAC1,SHA256=D39045871B26556E0253C0E6C8C7B052D744A777CDF04FA4E9909C24C297EC84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238471Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:10.890{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=36891421F8117D88BBDDA94777C1C3BD,SHA256=5E9E78367D0B9F1555717C02A2B31FC605450DAF4D9B474CE0C8CAC548B2E7CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238470Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:10.343{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3464F6F0285DFC77CCAE92FFBB47855,SHA256=5D479A2F8C6480A496AE28177D10E7FB121E2BDC4E4646CDCD609D8FBA051C50,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238469Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:10.190{6EDEAD03-E79D-615E-8D01-00000000FD01}59806040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238496Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.958{6EDEAD03-E79F-615E-8F01-00000000FD01}59446496C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238495Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.758{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E79F-615E-8F01-00000000FD01}5944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238494Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.758{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238493Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.758{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238492Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.758{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238491Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.758{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238490Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.758{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E79F-615E-8F01-00000000FD01}5944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238489Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.758{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E79F-615E-8F01-00000000FD01}5944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238488Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.758{6EDEAD03-E79F-615E-8F01-00000000FD01}5944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000238487Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.797{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64839-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000238486Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.797{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64839-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000238485Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.785{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64838-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000238484Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.785{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64838-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000238483Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.766{6EDEAD03-E1A0-615E-0D00-00000000FD01}892C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64837-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 354300x8000000000000000238482Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.765{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64837-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 23542300x8000000000000000238481Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.358{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=429EE99E92C21144E503C2F6266AA485,SHA256=BCDF0BC7D6882A87B8CDA313E650D7B5BDBF42C4C43BFEC292A03B41BDD6DC7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213664Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:11.342{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6778646EDDE6D40B2004D9B61949681,SHA256=4C7A46D95E403EA17F9119209BF754204BB13FD949E1C2F5B443C06BA53AB141,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238480Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.289{6EDEAD03-E79F-615E-8E01-00000000FD01}42045208C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238479Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.074{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E79F-615E-8E01-00000000FD01}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238478Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.074{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238477Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.074{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238476Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.074{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238475Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.074{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238474Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.074{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E79F-615E-8E01-00000000FD01}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238473Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.074{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E79F-615E-8E01-00000000FD01}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238472Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.075{6EDEAD03-E79F-615E-8E01-00000000FD01}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000238506Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.505{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E7A0-615E-9001-00000000FD01}5476C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238505Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.505{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238504Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.505{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238503Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.505{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E7A0-615E-9001-00000000FD01}5476C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238502Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.505{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238501Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.505{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238500Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.505{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E7A0-615E-9001-00000000FD01}5476C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238499Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.507{6EDEAD03-E7A0-615E-9001-00000000FD01}5476C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238498Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.358{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=201EBEDE071D17C2191CD8F9C4F6FD18,SHA256=35D457322A02AFC0AFF990002443971633CD058704026E356ED0F3A28D6DFE0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213666Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:12.342{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF1D8525542C3D70C9583ED02E138575,SHA256=373E90525D6CD9CECDD092D92E37DF12A4FBE4851557281800B78B5801A4F3EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238497Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.089{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=311F8D5D75F55FCEEDCBF5D6ABAB4810,SHA256=4E97DF9BB4269F1BBE583D150E18DD4027C54B3B1AA5DED827CF5235D470AC23,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213665Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:08.657{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50012-false10.0.1.12-8000- 23542300x8000000000000000213667Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:13.342{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=575FEEF352EDD068837FAC99485C51BE,SHA256=E3302515CC9FC6143A61BEADBAA89F4C8D9C9EA714080984C28BF5472A73B311,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238508Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:13.516{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=806F4BF240F2CE975859F7894BD460E0,SHA256=44F6341D8DE2151023626977528E6A4367EE5C95F22124D1628D7C1C6A242B30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238507Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:13.369{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08439A31001C4A9940DD9746A066E985,SHA256=8FE3D1C63E6C82673C47D2C240561C1C26AEA42C4294277F66090A9E2487CF05,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238510Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:13.092{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64840-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238509Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:14.371{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0E0D76DE5BDE8F36036F122F4566148,SHA256=74E0FD5EAC863CA51153ABA580642317DEE852EC69F592FB7366153BD70D792C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213669Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:14.358{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85F9EC1E67A89080E081F2548D3B0792,SHA256=5DC7F9AB0195DC02FBBA010BCAD00D8932BAAEB7B76882F73EADD6F69EFF565C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213668Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:14.157{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211007120136-024MD5=9D4F391515175B78F973C8B5B774DE70,SHA256=E6B13D39A78F2A37A848863A5E3913D5FD4B55347F92E521523460DA93139266,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213671Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:15.362{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10625D7181B992438B2E7009F7D110E0,SHA256=46EBD9A0D50125AF8F70227284F88D346DAF4A480A3688B7639D7F3F296EBE83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238511Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:15.371{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1EC44A80C3EDFED8D3068B106AC87AC,SHA256=94CFCED753D0D43391C861393E7FA3FB6BE3D510ED535D53037DB7E47EBD36CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213670Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:15.172{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211007120134-025MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213673Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:13.735{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50013-false10.0.1.12-8000- 23542300x8000000000000000213672Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:16.363{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E888848BB31508B8B32C19C398019E70,SHA256=9E18BE101277351F2E412663EA4A1C85FB7B2FF61FFAAB5C30789EA59231B32A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238512Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:16.372{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D5C7A592916444F9712FEB88EAD7C14,SHA256=6057228BCBED3FBF01C163282232FE77AEB56AB94CD322B108E12AA3F9E7F463,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213674Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:17.363{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E1578E93FB2BF5ACAEEB95AF747D18E,SHA256=FC96C237A9E82F178DA9807B91B0898DB91EA163AD2C8185A9D2AFCFB8A8CCB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238513Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:17.372{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0CEBD4C3ED55A6118A7EB3A7F8957FB3,SHA256=1FAABB4117E2063FD6A5564941845D29A24945CC8ABD4EEA83DE42802283F8DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238515Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:18.381{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19825FE407C96031B4885468763A760F,SHA256=D2F06C8527B6F1028766C2133644977075A54A123FF7476CBA34D10A9AEE6158,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213675Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:18.363{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21ACC9D2A4E3689D9551A211CD23BAF3,SHA256=41C7D1CDFB2270CE0D86580702CBFA7EA09FFD88F60DBEEAB14A39BBF14FA6B7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238514Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:18.125{6EDEAD03-E19E-615E-0B00-00000000FD01}636684C:\Windows\system32\lsass.exe{6EDEAD03-E19B-615E-0100-00000000FD01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+2b3d4|C:\Windows\system32\lsasrv.dll+30929|C:\Windows\system32\lsasrv.dll+2e287|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+15ded|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x8000000000000000238525Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:18.117{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64844-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000238524Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:18.028{6EDEAD03-E19B-615E-0100-00000000FD01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64843-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 354300x8000000000000000238523Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:18.028{6EDEAD03-E19B-615E-0100-00000000FD01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64843-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 354300x8000000000000000238522Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:17.917{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-676.attackrange.local64842-false10.0.1.14win-dc-676.attackrange.local389ldap 354300x8000000000000000238521Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:17.917{6EDEAD03-E1A0-615E-1600-00000000FD01}1280C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64842-false10.0.1.14win-dc-676.attackrange.local389ldap 354300x8000000000000000238520Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:17.906{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64841-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000238519Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:17.905{6EDEAD03-E1A0-615E-1600-00000000FD01}1280C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64841-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 23542300x8000000000000000238518Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:19.382{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22394CE964D53A82BA55B0A462AE72E9,SHA256=4553518B04D2D7F6CA588EE55A371E231CF5B56067B5F4067C4A9D3C00318E7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213676Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:19.363{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9007C5B4EF97C0ACC31BDE30B373DB66,SHA256=04A01841278B26068CABE3637FF72D563D5151AA96CB54471B4F826C83611B12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238517Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:18.997{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C9F182E3AD335BA761FB332701977154,SHA256=6D8E6C0B98D099DC03B625C36FE55CC41F7357333A6ABD642493DE089BF06081,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238516Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:18.997{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=200E39457F8ED329749C80BB79622355,SHA256=B49C8484BEBCB2381D4CA4F478E31218983AAE055AFCC04A76AA5BFD13013598,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238526Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:20.397{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9CAFA9E03BEA71982F6709DE7272E20,SHA256=EBF4CF98275BE4B824F328C4B81C84AB0F0B0E8A59AF21746FAC361949580281,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213677Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:20.363{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4ACA0AAD09995ADB222C0C6A8EC0DFF5,SHA256=892D9FDE3008FE034FE5A3226715FA50A8A00DDE6AAEA6FC44775F0654299C8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213678Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:21.363{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8216A7F5ABDA9271793A8184992CEA4F,SHA256=A23E6DA0048A9E611DA0343DEE0E3F63084B0A2EFC9AB14463350FC036AA776D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238527Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:21.399{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E571878C19EE5E6985B77AC065041C5,SHA256=8E823A3C3BD91F6921481E802616BE8A2E28EB9F62657024A78993EDEBFFA060,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000238530Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:22.734{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\SiteSecurityServiceState.txt2021-10-06 08:48:34.156 23542300x8000000000000000238529Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:22.734{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\SiteSecurityServiceState.txtMD5=0679B5CABDF5A493C168FCF51261676D,SHA256=3139F6263B87E0D8986AF7C398045A58083149803F26C79B2949A773A23740BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238528Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:22.401{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A54D7F8EADAADF9D0A1DD4329C62C221,SHA256=9A7E0B369C1CF191C0923F66563042EC3CE01FC4884E0D562125089A8F165EDC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213680Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:19.662{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50014-false10.0.1.12-8000- 23542300x8000000000000000213679Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:22.363{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EEB44B7A63527E389AE446480972B41,SHA256=039A1A3C019685E2A3F21DED03652D51B082F9A712FB8C80EF13DFEF01EAF576,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238531Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:23.402{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B06ADC96CDD82EBB16DFB2800BAB81ED,SHA256=537633A8A9092AEEF8052F0C2EC9A9DD7AADB5FCF62B23498160E6892643C08C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213681Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:23.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFEAC5023824B2F36B56A0531FE07B52,SHA256=7D5E4866919481B751F738848F6EDF7F9AB6E43D45EF75BD758887AB5B37C96F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238533Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:23.157{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64845-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238532Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:24.403{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7C40FE7D43CDEEC31D24BA84BBA42E2,SHA256=2EFA5E338723A4B114CB97BA7D94EC5916B087AF1E3D84E10824778352BC0A91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213682Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:24.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C34DA75694AD6F5043A26602FBFDA96,SHA256=34476727A7F3B714F945E3E542CC284372406165F25F53F4E365E9DFDBB051A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238534Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:25.408{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66370C89982ADE144F841C582A74A474,SHA256=E7BFE41F00F9C2FA5911407AC1ABCFCBB35A2F23ADBF2F5BFAA19A046CCE7D19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213683Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:25.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B8D5CCEBA805A05ADD8E24C438B7A8A,SHA256=9B09F05E0AC728D64AC5C216E56A1BE11F38C84D513CA1F14F22F6A3FB7813B8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213685Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:26.958{49C67628-E19D-615E-0D00-00000000FE01}7963844C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1400-00000000FE01}1028C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213684Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:26.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=134F7C8C4B5A873D422614D746D3085F,SHA256=F8E1419132274E27989B576A34687A65E3DFA0911894BBBDE66AF5BD464AD07B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238536Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:26.594{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238535Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:26.408{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD27BCE750FB97301CC4C22B026B17B9,SHA256=CB8265FA50EF6D5E862AFB7ED224582D29DE84C433D8BFF99DDF21DFF98B939A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238566Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.598{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=B0DF946E8D53FAA98DBE92A5FB421FB2,SHA256=90A43C8D14F8181F4834BE6067496C0EACAB547BEC22D8C8E59D0848A65462CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238565Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.582{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=9DF33AADB22E7175BCB3C9CB634CCBFB,SHA256=1D95CEAACA5BF4853B26455D2EA62744D5DDD3F6A716D49F9A8ADEE08E47DFCC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238564Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.560{6EDEAD03-E412-615E-EE00-00000000FD01}49641152C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238563Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.560{6EDEAD03-E412-615E-EE00-00000000FD01}49641152C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238562Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.560{6EDEAD03-E412-615E-EE00-00000000FD01}49641152C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238561Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.560{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238560Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.560{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238559Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.544{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1600-00000000FD01}1280C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238558Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.544{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1600-00000000FD01}1280C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238557Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.544{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1600-00000000FD01}1280C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238556Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.528{6EDEAD03-E412-615E-EE00-00000000FD01}49645016C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238555Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.528{6EDEAD03-E412-615E-EE00-00000000FD01}49645016C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238554Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.528{6EDEAD03-E412-615E-EE00-00000000FD01}49645016C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238553Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.528{6EDEAD03-E412-615E-EE00-00000000FD01}49645016C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238552Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.513{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238551Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.513{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238550Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.513{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238549Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.513{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238548Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.497{6EDEAD03-E1A0-615E-1600-00000000FD01}12801460C:\Windows\system32\svchost.exe{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238547Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.497{6EDEAD03-E1A0-615E-1600-00000000FD01}12801332C:\Windows\system32\svchost.exe{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238546Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.481{6EDEAD03-E7AF-615E-9201-00000000FD01}19084216C:\Windows\system32\conhost.exe{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238545Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.444{6EDEAD03-E40D-615E-DD00-00000000FD01}27725988C:\Windows\system32\csrss.exe{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x8000000000000000238544Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.428{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=685C20C582C99803CE685D956FEF8B81,SHA256=1247EC3EAEF86E8B6F7FE1308686D416AE6871447A842F79F79629D194E5AC4E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238543Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.428{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238542Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.428{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238541Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.428{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238540Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.428{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238539Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.428{6EDEAD03-E40D-615E-DD00-00000000FD01}27722172C:\Windows\system32\csrss.exe{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238538Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.428{6EDEAD03-E412-615E-EE00-00000000FD01}49641916C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+a909f|C:\Windows\System32\windows.storage.dll+a8d15|C:\Windows\System32\windows.storage.dll+a8806|C:\Windows\System32\windows.storage.dll+a9c78|C:\Windows\System32\windows.storage.dll+a862e|C:\Windows\System32\windows.storage.dll+ab445|C:\Windows\System32\windows.storage.dll+ab7c4|C:\Windows\System32\windows.storage.dll+aae00|C:\Windows\System32\windows.storage.dll+ad62a|C:\Windows\System32\windows.storage.dll+ad3e2|C:\Windows\System32\SHELL32.dll+3f8bd|C:\Windows\System32\SHELL32.dll+3e456|C:\Windows\System32\SHELL32.dll+801d1|C:\Windows\System32\SHELL32.dll+6716e|C:\Windows\System32\SHELL32.dll+3d433|C:\Windows\System32\SHELL32.dll+3d2fb|C:\Windows\System32\SHELL32.dll+3cc17|C:\Windows\System32\SHELL32.dll+3c8dc|C:\Windows\System32\SHELL32.dll+e2157|C:\Windows\System32\SHELL32.dll+e20b5 154100x8000000000000000238537Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.427{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" C:\Users\Administrator\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x8000000000000000213686Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:27.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A062D9C5B07985538E56F31FCFCEEC58,SHA256=D8B640F1B6A879124EF9D3E5695480F84F5FA14276AD0B6A9F2C05228C619C86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238573Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:28.728{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AFDC80B249EB4E1A8AAF0C0EC1A233C,SHA256=FAD8A6B42E94962ED6563718652E4038F54E51EB64A9244F70F535371982432A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238572Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:28.697{6EDEAD03-E412-615E-EE00-00000000FD01}49645072C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+55a10|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF8018E0DB8A8)|UNKNOWN(FFFFFC203A2A5B48)|UNKNOWN(FFFFFC203A2A5CC7)|UNKNOWN(FFFFFC203A2A0351)|UNKNOWN(FFFFFC203A2A1D1A)|UNKNOWN(FFFFFC203A29FFD6)|UNKNOWN(FFFFF8018DDF3103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5927b|C:\Windows\System32\SHELL32.dll+dac2a|C:\Windows\System32\SHCORE.dll+33fad 10341000x8000000000000000238571Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:28.697{6EDEAD03-E412-615E-EE00-00000000FD01}49645072C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+554f1|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF8018E0DB8A8)|UNKNOWN(FFFFFC203A2A5B48)|UNKNOWN(FFFFFC203A2A5CC7)|UNKNOWN(FFFFFC203A2A0351)|UNKNOWN(FFFFFC203A2A1D1A)|UNKNOWN(FFFFFC203A29FFD6)|UNKNOWN(FFFFF8018DDF3103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5927b|C:\Windows\System32\SHELL32.dll+dac2a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238570Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:28.697{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF17cb20.TMPMD5=C58952CF47A40E878145002B738FDDA8,SHA256=5246515B04772B58453EE8E8C5C9C6E9F2B2DADF381EDC92D5E1CAA1130C1630,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213688Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:24.787{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50015-false10.0.1.12-8000- 23542300x8000000000000000213687Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:28.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=257BE6EE254FB76D812FAD3A95389205,SHA256=442980E2511820AE704DB0C32DAD2362C5A465800CB1169559857DFA0708634D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238569Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:28.429{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=B0DF946E8D53FAA98DBE92A5FB421FB2,SHA256=90A43C8D14F8181F4834BE6067496C0EACAB547BEC22D8C8E59D0848A65462CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238568Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:28.413{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A7C2D7266F1AD83FA12E491AA7E4BE8C,SHA256=60A74FAD1E6C6743FB9C802B7F6305F2675CFB5ADD5953E58FD61B1DF53A2E7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238567Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:28.413{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C9F182E3AD335BA761FB332701977154,SHA256=6D8E6C0B98D099DC03B625C36FE55CC41F7357333A6ABD642493DE089BF06081,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238575Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:29.879{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A7C2D7266F1AD83FA12E491AA7E4BE8C,SHA256=60A74FAD1E6C6743FB9C802B7F6305F2675CFB5ADD5953E58FD61B1DF53A2E7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238574Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:29.698{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B05D3A5E91B9D5F75655826ECC579F84,SHA256=294F54E87841B9079F6E780F8EBBE5345BE70A0FC493299435D82C94E800F2BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213689Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:29.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0877584A548C550620B01229FE349FD,SHA256=12477FFE4549DAE5352A4B57684EADAE12A4A690CC9EAA35B7717E5E230AD042,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238578Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:30.716{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24B43D83BA8C276D6BC9329B77C1B316,SHA256=8DF900F223DD99933F4795F742FAF26B927467EC457D77302CEACF9392707EFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213690Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:30.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9064BA5B94B492CB5D307646FBF7165C,SHA256=518855FA67FE3D962E5414BE53CBA501DF56ED545277575579935B7297695B58,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238577Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:29.167{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64846-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000238576Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:30.315{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238586Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:31.982{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238585Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:31.982{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238584Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:31.982{6EDEAD03-E40D-615E-DD00-00000000FD01}27722156C:\Windows\system32\csrss.exe{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238583Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:31.982{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238582Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:31.982{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238581Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:31.982{6EDEAD03-E412-615E-EE00-00000000FD01}4964364C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+a909f|C:\Windows\System32\windows.storage.dll+a8d15|C:\Windows\System32\windows.storage.dll+a8806|C:\Windows\System32\windows.storage.dll+a9c78|C:\Windows\System32\windows.storage.dll+a862e|C:\Windows\System32\windows.storage.dll+ab445|C:\Windows\System32\windows.storage.dll+ab7c4|C:\Windows\System32\windows.storage.dll+aae00|C:\Windows\System32\windows.storage.dll+ad62a|C:\Windows\System32\windows.storage.dll+ad3e2|C:\Windows\System32\SHELL32.dll+3f8bd|C:\Windows\System32\SHELL32.dll+3e456|C:\Windows\System32\SHELL32.dll+801d1|C:\Windows\System32\SHELL32.dll+6716e|C:\Windows\System32\SHELL32.dll+3d433|C:\Windows\System32\SHELL32.dll+3d2fb|C:\Windows\System32\SHELL32.dll+3cc17|C:\Windows\System32\SHELL32.dll+3c8dc|C:\Windows\System32\SHELL32.dll+e2157|C:\Windows\System32\SHELL32.dll+e20b5 154100x8000000000000000238580Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:31.981{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" C:\Users\Administrator\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x8000000000000000238579Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:31.720{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C7371E6B0495C6E16E09970D32DC0BF,SHA256=6316E080562EA8E54153E52C0EF5863C3E395AC5C28263F518E9FF1A73C7D92A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213691Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:31.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B2424545AECA301181D5D7CE77A4E19,SHA256=987174189DF58C11F8BF4983C8BC4617B265718E784CA928D414D2E01D203699,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213692Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:32.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6FD46B03297CFA1C0A207EE2D7B26FE2,SHA256=A6D1B9C0CF3AEDA0B7661B0D40535196ECB5AD447E1C24AC4FFC5A0D959A638E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238615Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.445{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211007120155-024MD5=CF99E2CB113D8D2DCF43ED5FD96B633A,SHA256=1FA348E6AF774F9DE3BF8065B0725E0F0BD5741AF42D4AB3E9893B22D98D3DA4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238614Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.222{6EDEAD03-E7B3-615E-9301-00000000FD01}63643368C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+94bd7|C:\Windows\System32\windows.storage.dll+94503|C:\Windows\System32\windows.storage.dll+94389|C:\Windows\System32\windows.storage.dll+bc95|C:\Windows\System32\windows.storage.dll+bbdd|C:\Windows\System32\windows.storage.dll+a126|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+5b44|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+42aa|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238613Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.222{6EDEAD03-E7B3-615E-9301-00000000FD01}63643368C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+94b42|C:\Windows\System32\windows.storage.dll+94503|C:\Windows\System32\windows.storage.dll+94389|C:\Windows\System32\windows.storage.dll+bc95|C:\Windows\System32\windows.storage.dll+bbdd|C:\Windows\System32\windows.storage.dll+a126|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+5b44|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+42aa|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238612Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.222{6EDEAD03-E7B3-615E-9301-00000000FD01}63643368C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+94b27|C:\Windows\System32\windows.storage.dll+94503|C:\Windows\System32\windows.storage.dll+94389|C:\Windows\System32\windows.storage.dll+bc95|C:\Windows\System32\windows.storage.dll+bbdd|C:\Windows\System32\windows.storage.dll+a126|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+5b44|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+42aa|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238611Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.222{6EDEAD03-E7B3-615E-9301-00000000FD01}63643368C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+94b27|C:\Windows\System32\windows.storage.dll+94503|C:\Windows\System32\windows.storage.dll+94389|C:\Windows\System32\windows.storage.dll+bc95|C:\Windows\System32\windows.storage.dll+bbdd|C:\Windows\System32\windows.storage.dll+a126|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+5b44|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+42aa|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238610Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.222{6EDEAD03-E7B3-615E-9301-00000000FD01}63643368C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\windows.storage.dll+139d2e|C:\Windows\System32\windows.storage.dll+9445c|C:\Windows\System32\windows.storage.dll+94238|C:\Windows\System32\windows.storage.dll+bc95|C:\Windows\System32\windows.storage.dll+bbdd|C:\Windows\System32\windows.storage.dll+a126|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+5b44|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+42aa|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238609Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.222{6EDEAD03-E7B3-615E-9301-00000000FD01}63643368C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+139d1c|C:\Windows\System32\windows.storage.dll+9445c|C:\Windows\System32\windows.storage.dll+94238|C:\Windows\System32\windows.storage.dll+bc95|C:\Windows\System32\windows.storage.dll+bbdd|C:\Windows\System32\windows.storage.dll+a126|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+5b44|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+42aa|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238608Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.222{6EDEAD03-E7B3-615E-9301-00000000FD01}63643368C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+139d1c|C:\Windows\System32\windows.storage.dll+9445c|C:\Windows\System32\windows.storage.dll+94238|C:\Windows\System32\windows.storage.dll+bc95|C:\Windows\System32\windows.storage.dll+bbdd|C:\Windows\System32\windows.storage.dll+a126|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+5b44|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+42aa|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238607Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.222{6EDEAD03-E7B3-615E-9301-00000000FD01}6364ATTACKRANGE\AdministratorC:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF17d8cc.TMPMD5=8554CEE29C03241DFB5882E9984AA700,SHA256=FB6542D6D734A4D8C127624D80AED6D404A14B78F01E3564E0322ACDDB2A2FB4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238606Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.184{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238605Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.137{6EDEAD03-E1A0-615E-1600-00000000FD01}12801920C:\Windows\system32\svchost.exe{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238604Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.137{6EDEAD03-E1A0-615E-1600-00000000FD01}12801332C:\Windows\system32\svchost.exe{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238603Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.085{6EDEAD03-E412-615E-EE00-00000000FD01}49641152C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238602Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.085{6EDEAD03-E412-615E-EE00-00000000FD01}49641152C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238601Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.085{6EDEAD03-E412-615E-EE00-00000000FD01}49641152C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238600Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.085{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238599Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.085{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238598Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.054{6EDEAD03-E412-615E-EE00-00000000FD01}49645016C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238597Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.054{6EDEAD03-E412-615E-EE00-00000000FD01}49645016C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238596Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.054{6EDEAD03-E412-615E-EE00-00000000FD01}49645016C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238595Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.054{6EDEAD03-E412-615E-EE00-00000000FD01}49645016C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238594Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.054{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238593Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.054{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238592Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.054{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238591Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.054{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238590Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.007{6EDEAD03-E1A0-615E-1600-00000000FD01}12801920C:\Windows\system32\svchost.exe{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238589Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.007{6EDEAD03-E1A0-615E-1600-00000000FD01}12801332C:\Windows\system32\svchost.exe{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238588Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.007{6EDEAD03-E7B3-615E-9401-00000000FD01}33603556C:\Windows\system32\conhost.exe{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238587Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.001{6EDEAD03-E40D-615E-DD00-00000000FD01}27722172C:\Windows\system32\csrss.exe{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x8000000000000000213693Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:33.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D1F2F975AC998A45CD489BA229FBD601,SHA256=C4F48B6FE23FF61C89A51319DB9685BA84B940226CF1797D6287B4ECD743CBCC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238625Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:33.756{6EDEAD03-E19E-615E-0B00-00000000FD01}636800C:\Windows\system32\lsass.exe{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238624Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:33.756{6EDEAD03-E19E-615E-0B00-00000000FD01}636800C:\Windows\system32\lsass.exe{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000238623Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:27:33.570{6EDEAD03-E7B3-615E-9301-00000000FD01}6364\PSHost.132780832519818755.6364.DefaultAppDomain.powershellC:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe 23542300x8000000000000000238622Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:33.555{6EDEAD03-E7B3-615E-9301-00000000FD01}6364ATTACKRANGE\AdministratorC:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_ma1eyeak.tki.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238621Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:33.555{6EDEAD03-E7B3-615E-9301-00000000FD01}6364ATTACKRANGE\AdministratorC:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_a2q1p5r1.4q0.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238620Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:33.443{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211007120153-025MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000238619Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:33.371{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_a2q1p5r1.4q0.ps12021-10-07 12:27:33.371 10341000x8000000000000000238618Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:33.355{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238617Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:33.240{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA4FB43F550098EBCB0C3DC25D0E1E74,SHA256=FDD636E07A37FEAC42233843BF9DCC9DE6059BCCFF52C5595FBD4369284A30E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238616Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:33.240{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5EEBC30D23DE4896BFA47DBB0A98124C,SHA256=24A0B136B3E0E76FFDCAD2770B313FE4A71EC11C74DF4A6BCF859FBA885AE9BB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213695Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:30.709{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50016-false10.0.1.12-8000- 23542300x8000000000000000213694Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:34.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1144B86F3267861878795D66F475FB54,SHA256=672D4FFBC03B6153904AA802AB3ABCC10FC1BA066FFD06EB0B86FA8796E8E520,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238627Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:34.356{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=9916115D18670ADB83BDA6180BAF9168,SHA256=0B5CEC6E1A479B937B210682B3D71F14FE03E86514C7E7DA03A4E9C46186207B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238626Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:34.240{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27F3ED2417AEF923C77F1D2333172487,SHA256=319E5FEB1EB39F4F4F55A8AAF423DCB85339B10928767B986675C23BD958F605,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213697Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:35.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E50486F0FB82F5834F54C30435E1A2BA,SHA256=9D71E84D6B443E70B2D9B3AB3FDB8A7AA9606B800C01C4FE3E8981D3ECB5C864,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000238629Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:35.825{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt2021-10-07 12:27:35.825 23542300x8000000000000000238628Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:35.257{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2C8394E05D9BB80B0E8EE201E0E7C6C,SHA256=01209CFAFBBFCD33B2420245AE20A24902AE1B0B17925F5B1D587FBE927A73CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213696Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:35.036{49C67628-E19D-615E-1200-00000000FE01}980NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=137192450A98216A58426747EC6DC81B,SHA256=C08CBE871904B481549DA92EFCD7086A1B68A9256266F774697EA79E4A23F645,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213698Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:36.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B80B9BC1B0204796204181D7CA822F74,SHA256=E1E1C857C262DDA377492D5BC09F5D66BB02988FA2622D77FD82A0438866E58E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238634Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:36.849{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=326D64EE98F00C872E4B8D3D57DC1A0B,SHA256=23B6D76E970BFBE5AAC3B2CABD2327DB3017213B3C35F068468C29CB23ABFE4D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238633Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:34.947{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64847-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238632Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:36.341{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238631Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:36.341{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=7772BC5F8219EBF857EEFDF4BFDB09F6,SHA256=5F07FE11E3AEEF6C08EB20AA2F9D23C33E002A52E7529EE59E04D1E45D466B91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238630Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:36.288{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24256F902892A66086B64FF7B314D371,SHA256=7E5B6D5B35649704E68C3CC8AB5C3AE0046B85C0A104DEA6A71B13C3E652DA47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213699Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:37.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1123554D1D870911D7C75D7946D88172,SHA256=06C4D8FE46EBE497F2DFCD2D0EBA77299444564FF5873B35FA147BCD467BD6B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238636Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:37.301{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E085C7A41765A3FF08F245CCCC6BE679,SHA256=2F48A0197B62F66523EF3DCA5F81C15BAC3CD6C8B39ACC58C10CCA00FB0B4F5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238635Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:37.120{6EDEAD03-E1A0-615E-1000-00000000FD01}372NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=ED3D99A8F2A4CCD23EB6FC694354E036,SHA256=4651709E37E27BBFABFDC3E59F559544082CB0131CB62C1A9836982AF583D190,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213700Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:38.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EAA93E596729B79EEFDC71D7207D5330,SHA256=FDEB42927244F7B3BCCE71891F7BFF732A899DE1DAD65DB8D8FA3E6708CD275F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238638Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:38.322{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89350C606160399EA6FAF21E205B63F7,SHA256=9B9C5C21ECBF7503AF8108945E0B5345384E070BD0C6D0C3A9A29CF8E0648D6A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238637Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:38.070{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921424C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1600-00000000FD01}1280C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213701Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:39.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5BE3E839A1E939361D25C4322A80B601,SHA256=E6A80FE0EB8C06AB684B3AC1B3F2F84E15BBC6E034F4983ED6AF3FCF4E2C5102,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238639Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:39.324{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45969CC40A94542F9B4AE6716D1F0D97,SHA256=22A0E08E99DDC4F7E1295C38671E381A9FC52E85ADA31A66F463DB13CDE71AF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238642Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:40.624{6EDEAD03-E1B0-615E-2800-00000000FD01}2904NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238641Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:40.340{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D8F21E2C6386320E7D4225AFC56593F,SHA256=C2C0E416627F507C03DD4C4EEA49CA0DA2261A158914659A4FCC049B5312275D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213703Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:40.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E16186C855CFB24FD1175D455E02449,SHA256=656548B63C42DDD6FB091EB5721C0E056AE83C9C15F59A84288CF91D96AC9ED8,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213702Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:36.678{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50017-false10.0.1.12-8000- 10341000x8000000000000000238640Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:40.186{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+93f6c9|C:\Program Files\Mozilla Firefox\xul.dll+93f5ea|C:\Program Files\Mozilla Firefox\xul.dll+93f1d9|C:\Program Files\Mozilla Firefox\xul.dll+93b2df|C:\Program Files\Mozilla Firefox\xul.dll+93b5ec|C:\Program Files\Mozilla Firefox\xul.dll+a8e26a|C:\Program Files\Mozilla Firefox\xul.dll+2ced09|C:\Program Files\Mozilla Firefox\xul.dll+2cec14|C:\Program Files\Mozilla Firefox\xul.dll+2ce9fd|C:\Program Files\Mozilla Firefox\xul.dll+2ce894|C:\Program Files\Mozilla Firefox\xul.dll+ab5763|C:\Program Files\Mozilla Firefox\xul.dll+ab60f1|C:\Program Files\Mozilla Firefox\xul.dll+ab545d|C:\Program Files\Mozilla Firefox\xul.dll+ab4662|C:\Program Files\Mozilla Firefox\xul.dll+adbd21|C:\Program Files\Mozilla Firefox\xul.dll+19842fd|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4 23542300x8000000000000000213704Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:41.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F83EFBBF5514E0B9C89E9C341A350935,SHA256=3BD5DDA9D4CD6AA5D1ACF0048A6C7050E6339281C70D716FBDC59AE102A55702,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238644Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:40.094{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64848-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238643Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:41.341{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9B0EC8993AF48DB989124E388054BA0,SHA256=06AAA35D077AC5187FD8458FD84FC89AB7E97EDA9FCD69C27DA0B1AF02A34EEA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213705Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:42.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68E0822DD404D48B45DFD14A6714C9C6,SHA256=D36B529697E03F4568F527EBB0E9A3B7281E40768A21166ADF35AC8E90F4A266,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238646Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:40.510{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64849-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000238645Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:42.358{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BFE468438F94F9AF387EE2151FE43A4A,SHA256=6BD973758738CEC7651C4CF1E736F80B1BD262730D56CD5C1897527FABCD3627,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213706Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:43.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C1B44C3FFB67009091EB632DAB08C72,SHA256=DD55CCE0A4F2C592CB06198861DF212EDC4002DE13422BAAD7225423F78D768E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238647Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:43.406{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F64353721AD85532139A18A97FB41DBE,SHA256=2B3745C8FE4BFA6522C3264A103F2B66ED414805B97382BFEC1524524662D043,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238648Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:44.422{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65F2E9C44B467B81E1FE1AAB9A16638B,SHA256=63589DD6C41912B293429A4287F686CC83472776409DD4CA07CDA7A3A9F68984,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213707Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:44.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AFE277967AC6D004D1441B505A04919,SHA256=2C09229BB95FEE9E5406BB3BF72FA6830E8EA8FA17BA44370E792860D11BB46C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238649Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:45.423{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B2CE2CEEEDE3D287074F7C3CD20A500,SHA256=3959352A4845163222F118CAE871E24D11F81DA93A47B3D41FDE064190FD2776,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213710Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:45.881{49C67628-E19D-615E-1D00-00000000FE01}1960NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213709Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:45.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E127C562ED5BAA0CAF0ED3FA335F665C,SHA256=7AD29CB42E24694082B818AC06284815BC811D954663B6D0E2AFA86489D08787,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213708Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:41.803{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50018-false10.0.1.12-8000- 23542300x8000000000000000213711Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:46.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=43643FB8236A0D5CBA2146BEA1B33380,SHA256=B51F5456DD8C188EAF11B45EC2912E31D2F8F402D19606419F490059200000AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238656Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:46.438{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE541884FBAADBBF6273A35402A66924,SHA256=53D5953E456415B1AAAD2172DC655C6F8812EEEF700087C4DB984B48BBD524B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238655Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:46.238{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=2D3992624E2CDA40A113C7854059340E,SHA256=92AA1A39AAD97E963C2F67FE455437B72DC1D7AC5E25D46C5AD1E1616C83D23B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238654Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:46.238{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=784DC3800B5EB4F23CC4570D265744AF,SHA256=537918A306AE100115DCFDAFC412453C81DC33946BAF338E5B0BEB3327BF256D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238653Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:46.238{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=FB3AA68E20C0D9E52D8D5C0660E02261,SHA256=2DA7C8F4CB8FC09ACB71F5200E6C5B2506EBE22AAA9533C986437478BEBD73BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238652Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:46.238{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=BB160CF0C5F7B60C9F9A238ADB429282,SHA256=23460D46A8EC8777A23258139E23D3273A584EC1B8EE3D672BC2548E0DAA3837,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238651Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:46.238{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=94D0CB85BDF33751D1049E24A4BFCCD7,SHA256=238A7CB9BD96BD18738E4C99E5E3B6AA1DAD2435F1B544D34FD0F7D7C55B06B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238650Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:46.238{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=1550F78C84F60AE336ED3B5DD4F5811E,SHA256=51AE2A8FE195260432017772F82C1EA668C12170233F5868249180A1F12058BE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238658Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:45.146{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64850-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238657Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:47.457{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90A2C383222D074D3A2F0EC51F7849C8,SHA256=1B268C840C91EF59E045A2B09E20D6D9CDD4A2D0E99FC605EC377AA5A41316FC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213726Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:44.443{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50019-false10.0.1.12-8089- 23542300x8000000000000000213725Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.366{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B7EAC21AD6DAB0BEB2ADD4484908C19,SHA256=8B372A5CFCD317F8B653AAE3644B52C1241B78CF1F04B7B41FDDC4129E4D909E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213724Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E7C3-615E-4801-00000000FE01}3316C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213723Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213722Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213721Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213720Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213719Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213718Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213717Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213716Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213715Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213714Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E7C3-615E-4801-00000000FE01}3316C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213713Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E7C3-615E-4801-00000000FE01}3316C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213712Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.351{49C67628-E7C3-615E-4801-00000000FE01}3316C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238659Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:48.476{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=519E6D0C356946C93CA6D8B2C67E4D5E,SHA256=87A3934C212905B3CD2DF3BBB202405B3A3F47168D59D1DC36B77B07AE8A0DAB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213743Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.569{49C67628-E7C4-615E-4901-00000000FE01}7483276C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213742Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E7C4-615E-4901-00000000FE01}748C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213741Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213740Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213739Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213738Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213737Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213736Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213735Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213734Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213733Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213732Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E7C4-615E-4901-00000000FE01}748C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213731Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E7C4-615E-4901-00000000FE01}748C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213730Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E7C4-615E-4901-00000000FE01}748C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213729Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.366{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3EC29E296BB32164570A3955B0B619F4,SHA256=0F3F06E3446CFC84794B2F330A2E412D57169BD757E7EDE769A45F39C9B159B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213728Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.366{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=74DC975853695837E4EC20AF53A40AEE,SHA256=22DCBFF94E34D8FE6E9CE03DD9854EC9DBFDC027B65C3BF49E7D3F3836DCCB91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213727Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.366{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AA3C2C40A1F80517235969DE52BE81F,SHA256=0332B95F6304F6AA3D34F9A996653F79094DCD3A5FFF169BE87061962B47E306,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238660Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:49.491{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B751EF4B2853616CEF286176CA241BD8,SHA256=3C54C36584577EB9CC2218BEDFA60174F384B9151663450E232F1A789AA519C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213758Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.553{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE32FFC06FF937B94C9DC67DD51518D3,SHA256=0D01BF01B32431A1017DCF835FE0BA0F5791F244AAAEB66CD7D0ED56563CCC5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213757Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.553{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3EC29E296BB32164570A3955B0B619F4,SHA256=0F3F06E3446CFC84794B2F330A2E412D57169BD757E7EDE769A45F39C9B159B8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213756Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E7C5-615E-4A01-00000000FE01}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213755Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213754Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213753Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213752Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213751Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213750Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213749Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213748Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213747Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213746Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E7C5-615E-4A01-00000000FE01}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213745Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E7C5-615E-4A01-00000000FE01}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213744Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.085{49C67628-E7C5-615E-4A01-00000000FE01}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238661Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:50.557{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=510AF0498D59A11EFBE6215D97CBC608,SHA256=2C425D32E09836A0C6556F2C0D6A7C512383E48D19A3C24FE0D6E22CBCF4AEAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213760Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:50.553{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDDFE71553BFDCCE1B8C4A9C9D25F461,SHA256=B3266343250AD0B30DC9F38F5CDBEECD26610F8A9BCF891318976066021928EA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213759Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.678{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50020-false10.0.1.12-8000- 23542300x8000000000000000238662Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:51.576{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EF22650D2E602CD92C5CFBBE8078BC9,SHA256=F4028154A0330A52040FFA86842C5787E63451E319D519E6DD7D27EEE8FF71B3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213788Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E7C7-615E-4C01-00000000FE01}2256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213787Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213786Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213785Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213784Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213783Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213782Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213781Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213780Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213779Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213778Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E7C7-615E-4C01-00000000FE01}2256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213777Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E7C7-615E-4C01-00000000FE01}2256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213776Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.836{49C67628-E7C7-615E-4C01-00000000FE01}2256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213775Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.585{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19FED37B7286186F90A0AF9557062E10,SHA256=4B994633D6BA0FF72D7559BE416262812BC5ED7FF91C0CA088425C80554A2126,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213774Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.381{49C67628-E7C7-615E-4B01-00000000FE01}29122592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213773Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E7C7-615E-4B01-00000000FE01}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213772Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213771Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213770Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213769Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213768Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213767Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213766Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213765Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213764Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213763Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E7C7-615E-4B01-00000000FE01}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213762Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E7C7-615E-4B01-00000000FE01}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213761Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.179{49C67628-E7C7-615E-4B01-00000000FE01}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213805Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.678{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04782E1AB3EA715D20EB965B57A27A3A,SHA256=2CDA3A39AB0657B013FF86A870C299C539F8BA16A9B1B975F6971749BD73C8E3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213804Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.647{49C67628-E7C8-615E-4D01-00000000FE01}29641608C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238663Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:52.578{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=169E522D749B33620B05CF23B87C9879,SHA256=5B12DD12E081041C6C265C8864C34A0E0991F3EC1FFA52F48E237C1FE840045A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213803Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E7C8-615E-4D01-00000000FE01}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213802Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213801Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213800Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213799Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213798Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213797Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213796Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213795Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213794Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213793Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E7C8-615E-4D01-00000000FE01}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213792Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E7C8-615E-4D01-00000000FE01}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213791Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.461{49C67628-E7C8-615E-4D01-00000000FE01}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213790Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.382{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=21E8A935D0223EB99A04369AEF188C2B,SHA256=823F01F867E7D698D783E336AF708B37185E4CF1B685C675BC7867D573EDF140,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213789Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.007{49C67628-E7C7-615E-4C01-00000000FE01}22562760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213820Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.663{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED6C976386F782BBC3B13BF0524392CF,SHA256=A3968B8350D38B646C0A35EA2AB520C7885C5293D2CE9AF100A283399DE51921,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238665Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:51.161{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64851-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238664Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:53.582{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=781487AC618AEBC3ADD6E0483FB80F8E,SHA256=17182FDCEECAA1914E8D33041518DCD5A559EEB1C1827AB6015F9A9960AF4387,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213819Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E7C9-615E-4E01-00000000FE01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213818Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213817Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213816Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213815Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213814Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213813Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213812Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213811Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213810Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213809Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E7C9-615E-4E01-00000000FE01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213808Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E7C9-615E-4E01-00000000FE01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213807Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E7C9-615E-4E01-00000000FE01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213806Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.475{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=00BB217C4275408D3D6ABAA205CF4538,SHA256=CF79F9CC259650672EF7ED50E9554D06ED4E47C49BA29D51A7B79978E7E36C0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213822Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:54.694{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB72185FE7CA520E5068C4E280B8C32D,SHA256=9D0FA9F1C0A03D5A83F2C6806B27F5C922B5635E61EF1B29C7D55C76E4465ACE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238666Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:54.586{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C67D7867E2C24A55BB4CFBE989E75A7,SHA256=4A8A85D026C437FD933BD9131D70C783A6B37E330C4282828E7F6DE585E6DF1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213821Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:54.632{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=693B82C89A470C5DA954C6F7A0765621,SHA256=55F674F8CC25AB899355F6CAC83BED3A066307BE90FD9235E58E526E5E52DD4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213824Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:55.788{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B22F7412B53873DBFB04E739C8041553,SHA256=A792206F64A4BE05A178A3C10D79A8D92FFEAD3D9E26EF0719148F4A649F46A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238668Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:55.586{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6A7FD13E928C4EA908B6F2C7E987CC0,SHA256=EC8FDD45B1FA4624304C67BCBB16E0F9136C5919722374CA8861A8D75AB7A246,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213823Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.756{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50021-false10.0.1.12-8000- 23542300x8000000000000000238667Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:55.486{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=E97A929E1DA428CD53EE72DA157498E4,SHA256=D3B93C86BEDCA1C75A5EADE6334A54E451652925A631FB04F3AE62D182E3ABCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238669Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:56.602{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=847199F8524ADE28BFCCABE9F2317F4A,SHA256=C409C0D76BDDBD5C9BFA856AE7444E68742AA43EF7C7489ACDB6888283118928,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238670Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:57.617{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77BCE7E25EDE44CDC85229934CEEBE18,SHA256=91337C588AF48013CC4F515D4FFFC6C79EE908785D4F9FB5184BE51E2821CED1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213825Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:57.023{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=759B68FB2CB7F9C6175754B3FC8D57B9,SHA256=BD602AACDAE92A03218E0D96A21924CE91F4D67D11ADA885393775D00EC7A4E8,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238672Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:57.024{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64852-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238671Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:58.632{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FD5108700F57D6A605EC555EB72548D,SHA256=EE2FAD18912C8FA6A908482129A24037B0800B8EEE3E105D97490B6317A166A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213826Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:58.038{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0323EBAC8B27B77E904C28A1F23E5341,SHA256=72B1900490B0541D46B21A490DDCBB9DE39A69B7672F313ED218BA0D9AE85758,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238673Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:59.647{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18E80CA64D3D2D64D56E55131695B6B5,SHA256=357F7BF70AD2C017B1BDE41EA7169F5CAE3D8D1908166F3BA2205B2178706F85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213827Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:59.101{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08570F6FCC80A1F47B7ADE55C246A178,SHA256=CB99C4CBC9FFF46B7CA7F0F24357A1D4059A4B5238F6DE00962F9371659DFDE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238674Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:00.648{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC80669B111CA0E8E69604A372DA010C,SHA256=7B494E6565EEDFB13593877B1CC99B155F663E4F5381E0E1BC9E821F6D06C27F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213828Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:00.101{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2451AEBB1C0311DC5542CE5B681B3692,SHA256=A30A8587351F9CB91C9B8E0661DACD4F3782B8504FC79C6917DDA3D60067ABC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238675Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:01.648{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C8BB692687411FB22F37806DFDFB32D,SHA256=B8A8D0FF6572B985270750AE2D7DD7415DDA9196B853963E94B4B46B41919864,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213829Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:01.148{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C0E46AF92F59902B346699779B7C3CC,SHA256=92627939783352225811AF6558B5A04683D92264D85EFA3CCFA78D2CE28CDBCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238676Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:02.667{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21D36CBCD0172C8A6086D70702A8B51E,SHA256=B282D91E52DC6C06A2327EF93D8B2D62C22C6EB224BD1303212E9A4BDF1394E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213831Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:02.289{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B893A5183AEA646046CFB203761090B,SHA256=230C08BD4F7302D6F4A9EBCBD1A9DE4854F7E963D4D4D7D407B66E2BABBF7F70,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213830Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:58.709{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50022-false10.0.1.12-8000- 23542300x8000000000000000238683Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:03.674{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82F36D52574DAF3FA5945E7F45D31AE1,SHA256=6BC1A62A26B00DB216854BCB1A8C8D84C5C9C7A2338F8ACDE631EC8CA751C2B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213832Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:03.336{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7D9B4174F91DE8DA094625C79D3CA54,SHA256=EA47B5BC0C77668649F92D6933EAD50B35DA2F71CFB204EE4CEAF9580DFD20FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238682Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:03.191{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=2A1DB77398670FEB4AB4AF0FEDC4B645,SHA256=EF4760CFE9904A34BE606B53FAFA4A1A56E4EA29686977A46E814BEB9123B3A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238681Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:03.191{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=C4C6B2929D68A2554C5F8EE6A346B15C,SHA256=8565D6406F88EE439EBA788DE942E5D5AB605F9DC1301AA3C0FC22D3E0E00DDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238680Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:03.191{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=8970D93737E2C6849D02A2C37173B11F,SHA256=9D2A0D9A5E4FA1CD8E7EE05B8206AFAE8835ABFCBBF892E48FB57CA1E6DD1D89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238679Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:03.191{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=8DA80824F473CDF7F4843973594F65BF,SHA256=F082ED7EF4D2CF98BEF875E2CCF1D6B93F0387D64FF5B3830837BE8ECFBF3F8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238678Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:03.191{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=803B2AE2C5CE18928746A706FDA8C796,SHA256=C89DA93D1EA82CE66880525C2EC1AFF1BBDD0660025559AABD5EC00C3E9E6736,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238677Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:03.191{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=E7603E0B1DBDD7CA4E34827246EC83B9,SHA256=F7DA060AC22CED830C4BDD7E1E703C7CF7F3BAB6E9EEFE09E6E0399A3CA962A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238684Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:04.693{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F315B419F07D320D06A097010354CB0,SHA256=86CC87669F63264E5026EDF9DC05FAEAB3DC1C6F485E85CFE08915E769DD0E71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213833Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:04.336{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC0A747225A2DEDCD14CE11FF4637D99,SHA256=B24A1FDE44FDB34B815236B7772217FA1159BCB24509220607636F9F0E1B100D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238686Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:05.724{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B0D0DD8401D05ED276D5FF95F1255D7,SHA256=5CD113713BE0BC8DEF3F2D90B5A0A6755FA39D1E0AE1B0FADD0F36DC57D79868,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213834Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:05.336{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1DD50C6F8DFC1FDE3999159AAFA0D57,SHA256=2C98700B1F02517EA70850E194179400042231F81073CBD966E1E218FAD64323,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238685Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:03.029{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64853-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238695Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.748{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B1F15BAE01DC3972B9C0B28AB1EA29B,SHA256=9AAD415726980A3FF5573880798230898ED8C659AB6E8FD67903077E1E9FE26C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213835Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:06.367{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80238CDD6FD2DB31CFDF392455F0C2CE,SHA256=9D9675ED9EBD84B1EA8AC2B6090DDD098995EC65F758451E94BA554DC89C745C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238694Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.604{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E7D6-615E-9501-00000000FD01}6632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238693Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.604{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238692Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.604{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238691Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.604{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238690Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.604{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238689Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.604{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E7D6-615E-9501-00000000FD01}6632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238688Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.604{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E7D6-615E-9501-00000000FD01}6632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238687Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.409{6EDEAD03-E7D6-615E-9501-00000000FD01}6632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238707Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.755{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB8CC9EBFEFB4FF92555629FC92B1B1A,SHA256=AAA1B82C0C1B0DDB6DEE0EA8C4327A8DDF34BF7277698081400144B4734EB7C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213836Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:07.367{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BF96D7F1B9480D62BBB353E19F9C6EB,SHA256=55745EF571745EFEDBA896A94BBD71E1977A2B7B9CC62725A083A31E6254415B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238706Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.724{6EDEAD03-E7D7-615E-9601-00000000FD01}71167144C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238705Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.442{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E7D7-615E-9601-00000000FD01}7116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238704Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.442{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238703Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.442{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238702Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.442{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238701Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.442{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238700Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.442{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E7D7-615E-9601-00000000FD01}7116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238699Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.442{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E7D7-615E-9601-00000000FD01}7116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238698Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.286{6EDEAD03-E7D7-615E-9601-00000000FD01}7116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238697Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.413{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7D6DBD68FF819E99E7BCE0BC8B85433D,SHA256=2ABAFAC4BF8CF56B0482E79F8C5FEC5A763A80E8BBBA9A96A685D6A7D9C904EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238696Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.413{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FAE8672C192A7776F12EC40D0F27454C,SHA256=82C89DED0782DC9DC7B9017C3360CC0BCBA4D0AA4A8BC677E3B20F7B8E738B67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238718Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:08.780{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0217CE3D4C5C5E3F21B79014E66BDB7C,SHA256=7CDB03B4A373707C5093CFDD8649D3AA2F9E7EA26FD750062D55254D6FB52AC4,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213838Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:04.662{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50023-false10.0.1.12-8000- 23542300x8000000000000000213837Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:08.367{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AC444A1499D807A2172443BDC9A7F12,SHA256=B29FBC52CEE7A6F001E201A7B24C99787F95161E0E5E3BFB5106711565CC8C81,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238717Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:08.571{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E7D8-615E-9701-00000000FD01}7132C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238716Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:08.567{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238715Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:08.567{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238714Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:08.567{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238713Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:08.565{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238712Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:08.564{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E7D8-615E-9701-00000000FD01}7132C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238711Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:08.563{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E7D8-615E-9701-00000000FD01}7132C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238710Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:08.174{6EDEAD03-E7D8-615E-9701-00000000FD01}7132C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000238709Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.625{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64854-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000238708Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.625{6EDEAD03-E1B1-615E-2B00-00000000FD01}2968C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64854-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 10341000x8000000000000000238728Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.948{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E7D9-615E-9801-00000000FD01}6520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238727Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.948{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238726Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.948{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238725Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.948{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238724Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.948{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238723Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.948{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E7D9-615E-9801-00000000FD01}6520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238722Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.948{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E7D9-615E-9801-00000000FD01}6520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238721Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.818{6EDEAD03-E7D9-615E-9801-00000000FD01}6520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238720Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.801{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8098F60F90B891990C42D130D7F03FC8,SHA256=3B23DBC145E06AD618AF8CA15DB92936C11A47A9FE13D943B6CF419D46244452,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213839Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:09.367{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1F199C06E10CABF9C9564364583FDA8,SHA256=9B7AA15B5B675784A5FE31A3B247EB8687195C89A810C605D2A4787EF6FDBF8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238719Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.182{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7D6DBD68FF819E99E7BCE0BC8B85433D,SHA256=2ABAFAC4BF8CF56B0482E79F8C5FEC5A763A80E8BBBA9A96A685D6A7D9C904EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238731Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:10.819{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D5F8134494F2DB774FADE907A8FADF25,SHA256=EBA46532F105871C33DF61A4C9B50851985FF3380507DD0E28391E987298DCFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238730Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:10.803{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E46541587C287919FD974DA33DEEFCE3,SHA256=B8722A4692AB387C2208DBF2AB307F813C414EF07FD6D5770C5648E039690E95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213840Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:10.367{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4DF947F0160441AEA34DEE3CF2743EB,SHA256=13E222C434EED66134FD7E8513FE93857F08086F76C4BC650C33E8B3A643549F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238729Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:10.148{6EDEAD03-E7D9-615E-9801-00000000FD01}65203292C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238751Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.968{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CB5870E03A4EFF1A85A3DAF420A6982A,SHA256=D1DCF9B9500FF8A04A522A4571963E634013C3E3B16AFBC9F1C0BD8A04B9F666,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238750Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.822{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E7DB-615E-9A01-00000000FD01}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238749Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.822{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238748Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.822{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238747Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.822{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238746Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.822{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238745Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.822{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E7DB-615E-9A01-00000000FD01}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238744Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.822{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E7DB-615E-9A01-00000000FD01}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238743Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.823{6EDEAD03-E7DB-615E-9A01-00000000FD01}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238742Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.805{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF4C9A9C05EC599EBAECEBE103278037,SHA256=851F7FD91E4975B816EB89829A14A7C9666035513EDF1EE0FE9E75DC661ACCB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213841Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:11.367{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=112CCBA40A8286118D5F8BF6248B6B40,SHA256=47B7E0FFC1F692922D5957E3B6E0910FCF08A91E330F12F5EE59A7DE43789211,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238741Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.503{6EDEAD03-E7DA-615E-9901-00000000FD01}70766912C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238740Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.135{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E7DA-615E-9901-00000000FD01}7076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238739Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.135{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238738Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.135{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238737Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.135{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238736Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.135{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238735Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.135{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E7DA-615E-9901-00000000FD01}7076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238734Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.119{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E7DA-615E-9901-00000000FD01}7076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238733Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:10.952{6EDEAD03-E7DA-615E-9901-00000000FD01}7076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000238732Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.024{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64855-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238761Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.822{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E651450A81042663995201667F893E39,SHA256=69CB9455C46CFF483AB0F7995AB9F52B818CC4B3869E223D67164C30378340C9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238760Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.683{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E7DC-615E-9B01-00000000FD01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238759Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.680{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238758Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.680{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238757Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.679{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238756Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.679{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238755Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.675{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E7DC-615E-9B01-00000000FD01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238754Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.675{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E7DC-615E-9B01-00000000FD01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238753Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.507{6EDEAD03-E7DC-615E-9B01-00000000FD01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000238752Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.068{6EDEAD03-E7DB-615E-9A01-00000000FD01}42686064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213842Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:12.367{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29446989429966A8CB5FECAD0D14C0EF,SHA256=CD3536027B0D160F7688264E0DBAD89D8D19DEDD3330DB87199F659A39D4E362,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238763Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:13.838{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC2DD5C300F9A827E59C4B650CCE8C19,SHA256=0A4F42B1EFDB289BF5B059630336CB8F205A9B637020B261FEC86885851CD905,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213844Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:10.647{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50024-false10.0.1.12-8000- 23542300x8000000000000000213843Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:13.367{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3EA87BDCA837B8E4F4D0B2DA0C4D4F1,SHA256=F05B7567C8D61B9D332B6A66E8154747E9940293E16E1007B4C0197DFB925C0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238762Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:13.507{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6CFD3AB8E88903566E50D5A1558626C5,SHA256=C52D15F1EEF09932EF5469EC37EC20423717D2942130BD8C7270E1C470C13A20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238764Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:14.841{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3210796CAE780BD6B34E2BBAC2FA840,SHA256=D98B1F4C6EB2CCAAAFF6920C6F499B27C76098DA23ADB3CA7E94AC77A3B91457,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213845Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:14.368{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E273E6ADA322A28181DF077F6A2CEE2,SHA256=F7A53B437055D07794DC60294378BF8DE5109457ACD231EB9B138BCAC87FBE41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238765Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:15.842{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23460D8F364BC755E4013944CE6205D7,SHA256=D81071D6C5A8CC6E61736D30FFD8AFC586BF65CF0BF2B3AD9CAC6249FDBA0E05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213847Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:15.684{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211007120136-025MD5=9D4F391515175B78F973C8B5B774DE70,SHA256=E6B13D39A78F2A37A848863A5E3913D5FD4B55347F92E521523460DA93139266,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213846Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:15.370{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB22EAD986F95CF68572C91DBCBF8C6D,SHA256=4B773CD6765827F435974A236DE4FC4FF218291C20AE540AD9ABCBECFD185368,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238767Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:16.863{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F55B29C3B4D528E1A9D238BC62CD919,SHA256=BB7B637558CCDE659E3B77845B33931F6648D96608E45E2A37E13F133586DDB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213849Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:16.688{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211007120134-026MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213848Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:16.376{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0191EC45E5428705A678176E37F35E13,SHA256=77DE70CBF33A66D519AA999AD08D124F8DE2F07681B01042604518622B7E16C7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238766Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:14.061{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64856-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238768Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:17.877{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1C7566AA8480F2E593F83F6B545802D,SHA256=E0B5A4EBFF1C664F2CB546FCA1DE4B6DD2F454E03396AEE383F07D18F4264FC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213850Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:17.383{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DC6FC88E52965574AB7BDC4E23F5869,SHA256=B7B156C38D84C949D098340576A622EA8DDEFE6B16A0707360018CC5409D76E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238769Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:18.897{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97437DACEB3EAB295AE73F100F8064AE,SHA256=22E0D061EC0008464117052791EA96FEA195F043F092F26C1D4735699B14A2F3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213852Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:15.693{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50025-false10.0.1.12-8000- 23542300x8000000000000000213851Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:18.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68F87279CD68AAED6A8BE5CE6BBFB7D4,SHA256=8DCF89B086325311470A6DEBAC5591329C7E18C4858F996681A11AA175E28A66,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238778Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.931{6EDEAD03-E7B3-615E-9401-00000000FD01}33603556C:\Windows\system32\conhost.exe{6EDEAD03-E7E3-615E-9C01-00000000FD01}6996C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238777Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.931{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238776Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.931{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238775Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.931{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238774Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.931{6EDEAD03-E40D-615E-DD00-00000000FD01}27725988C:\Windows\system32\csrss.exe{6EDEAD03-E7E3-615E-9C01-00000000FD01}6996C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238773Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.931{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238772Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.931{6EDEAD03-E7B3-615E-9301-00000000FD01}63644244C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe{6EDEAD03-E7E3-615E-9C01-00000000FD01}6996C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\2a6ccbaba5690e5b3fec3bf707022bdb\System.ni.dll+384146|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\2a6ccbaba5690e5b3fec3bf707022bdb\System.ni.dll+2c4809|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\2a6ccbaba5690e5b3fec3bf707022bdb\System.ni.dll+2c4179|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+ce6e006b(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb634c4(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb630ff(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+ce62b42d(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb20071(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb83ae3(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb65af2(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb65af2(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb65983(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb566a3(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb63be5(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb63757(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb634c4(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb630ff(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+ce62b42d(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb483aa(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb4791c(wow64) 154100x8000000000000000238771Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.932{6EDEAD03-E7E3-615E-9C01-00000000FD01}6996C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exe"C:\Windows\system32\reg.exe" query /v ETWEnabledC:\Users\Administrator\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" 23542300x8000000000000000238770Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.915{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC61DB0365C475F5021D3CA7C741D2D0,SHA256=9F9EE9BE9277C3179520D17798D72D3D981CE5CD4745295EBB3C2FFBA2342BCD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213853Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:19.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=415C27ABF68B5C4ECC3F68794F8DF0E8,SHA256=4B036C9840E5E45C16544E1B9854B924869168DC9DD9524879732EF932D2E9EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238782Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:20.978{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DB571F47F9672BC7BC317EA93181460E,SHA256=784FFBA3BD9A98535893CB62776A32A39567E049D29477FC0260FC2E261101A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238781Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:20.978{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=27EFEA396EB968D1B349C320D4D4FF61,SHA256=179C00178EC0FC487954BA0898E98F9BC373B7839565ED691490512FA6DDF6D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238780Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:20.916{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3EABB5101A4D3E4F457B3ACE778EEBD5,SHA256=BC22AF6D031387B44856C8A97713A6FC8D675B894E674DB6FD1522AE0A3AF030,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238779Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:20.916{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=47E4B773DAF0544AEC18B26DE2935114,SHA256=068C8CEDAB3EF8D8FAD06B06AAEC22FD1A94BFAA4B7E188A9087C4E3A768411B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213854Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:20.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5FA76586EB3312E7856095580F59407,SHA256=63541904B85C3DA2C5ECB6C1B4C9E2356365085C76C4BA58C6734B60FE2431E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238784Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:21.918{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5774EB78416EE35A1E2E703DF6FE9EDC,SHA256=DBA7DF73037D69306A977D6C304DA7EEB2072A4A434FBA1973BFBB1E1FB09A0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213855Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:21.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD9A1649837FDE20EDA245A182AC81BF,SHA256=7ECB8B7C1EFEB1F9EBEB4983A5C99A73A258F9F47CA4F104AFA7A73259B5677E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238783Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.101{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64857-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238785Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:22.919{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF49B7333BB727158CE6DA899876AC07,SHA256=61597F8D5C4606F76730923A531CA98588955CA6C9DBB74ED5A2A44C8C58773F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213856Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:22.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD53A248DF865DF6EFD6C5547B6613EE,SHA256=F909433BB1C5AED37A6B6A5B5C5DBC4CD74FEA4185C29B46F811C248D4258164,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238793Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:23.966{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD5F1DBC85DA9FF52B67E4C068B020CC,SHA256=0189718BDA633B574AA6685C995280FBDC40BB756E1BB227573EC5F3235C1BB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213857Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:23.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DC5046AEC83F64B2923C827C6D13EF7,SHA256=3025150A398A33A927D7E1E74F75C0501272BF750D845829E0C1E187BB453A51,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238792Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:23.166{6EDEAD03-E412-615E-EE00-00000000FD01}49642252C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238791Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:23.166{6EDEAD03-E412-615E-EE00-00000000FD01}49642252C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238790Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:23.166{6EDEAD03-E412-615E-EE00-00000000FD01}49642252C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238789Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:23.166{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238788Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:23.166{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238787Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:23.166{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238786Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:23.166{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238794Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:24.966{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3968F99F56CC43195BE4EC918D0E19AE,SHA256=87DA1313F2A21699026574C5D122583FC4B85E55FAEDE70D60A4B23FC1494ECA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213859Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:24.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=588D2B2710B9F440CF0BBBD6D636D248,SHA256=8445AA150C7E303E8870D0F36C816146A8C79DFB3F411BE08B32DEAB83A82F98,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213858Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:20.819{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50026-false10.0.1.12-8000- 23542300x8000000000000000238795Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:25.983{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38405169A34D9EA290BE6FC6E5A15CE0,SHA256=BF1715EF938F4C0E4B5E1EB4BAA5DB3BE044BCD51FA833F95C47A63683D3256C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213860Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:25.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F01B19A8DE3A0FE884F1CBB2D9AA8EB0,SHA256=451B9DA0D258F202D11FD37ACBE21DDC5BE3DF1AB41672DF559EBA70BB108A4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238797Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:26.983{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=288B3CC74B4BC048FE55431B2FD11B87,SHA256=E60A264E296A80B7373E88E15D6067C249F82DD1CF9D39884C8C57C4402A4976,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213861Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:26.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D77A82F6AE7A8C14917BAAB78981D43E,SHA256=2B28A7ABD9D5B16C08D208EC9D744D1E4EEA1B1FD4C38A93411117D7E57781AC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238796Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:25.042{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64858-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000213862Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:27.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C88F080280B23486CF6989AB5D49733E,SHA256=0202045DDF35DBE578A01D24BD875C0930438E0E4E24E823D01A13F01945AA4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213863Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:28.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71786572EB15A58C1FE02AE9913135FC,SHA256=72D859D87CC82EE73025BF66B4AEA053ADB239EA85065672405A022048739C87,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238806Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:28.283{6EDEAD03-E7AF-615E-9201-00000000FD01}19084216C:\Windows\system32\conhost.exe{6EDEAD03-E7EC-615E-9D01-00000000FD01}96C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238805Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:28.283{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238804Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:28.283{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238803Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:28.283{6EDEAD03-E40D-615E-DD00-00000000FD01}27725988C:\Windows\system32\csrss.exe{6EDEAD03-E7EC-615E-9D01-00000000FD01}96C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238802Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:28.283{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238801Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:28.283{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238800Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:28.283{6EDEAD03-E7AF-615E-9101-00000000FD01}19286988C:\Windows\system32\cmd.exe{6EDEAD03-E7EC-615E-9D01-00000000FD01}96C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+1ace3|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238799Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:28.288{6EDEAD03-E7EC-615E-9D01-00000000FD01}96C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exereg query /v ETWEnabledC:\Users\Administrator\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" 23542300x8000000000000000238798Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:28.001{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E5E7125E154A3ED9B2FB20D67B7E7A7,SHA256=A47D54686937BBA3AAE1CF7CAA5F8ADEE62312694BE50002016FE31C306C00AC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213865Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:26.664{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50027-false10.0.1.12-8000- 23542300x8000000000000000213864Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:29.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65B57FD8FB58D2F0AFF6C58342F1F236,SHA256=4E83B018B642114FCB2C4F30ED2EE87197DE11F36C0FD42FC6F3D755642CE09E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238809Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:29.304{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D1E6C5779364C36B0E239D0991BCD98D,SHA256=D8C498BA54B73BF57663BCD5ACCD0C3397ED101A5A4B7CE24278894650C6A58D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238808Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:29.300{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DB571F47F9672BC7BC317EA93181460E,SHA256=784FFBA3BD9A98535893CB62776A32A39567E049D29477FC0260FC2E261101A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238807Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:29.036{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E438E994B9AC66B0F2F95E0D90B56ADF,SHA256=23B05A488B52E65692A57A233CEFF805E49F28778D23066B86008043FB2B50D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213866Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:30.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04901668E5AB776FE07815C645C80F6F,SHA256=F5B816B166B92ADE602C46F09320E4D8637AF085B9341D055F9AC08B5E2A98E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238810Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:30.051{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1DB24C21B5C4A4D737DFDE73E3EB561E,SHA256=C1E2A41FAD9C729FE41EB419D9BF2D9F9170F95FBE9740A6AF2D22CB14819121,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213867Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:31.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19114D19D29726BB3F4D6139E2E8FD23,SHA256=E07C67F3AF2D31BB035285E5738EE4E30138FBC23CD2C181287A4FC66558E24D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238812Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:30.105{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64859-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238811Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:31.066{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=31E673978B490E0C8C78ADEFA2714430,SHA256=F41AE0F4E216F55C682C4A1F73C7E8585E389B8703A4AD7E0C5F749BBE650D0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213868Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:32.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AAA948CAA0FFB5B656AFF774C89BC442,SHA256=EEE3CB0326C2BA5254BD3AC731C1F40C18BDE9B10CABAB923E90DAF8DAACF2A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238813Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:32.103{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2426BDCE8F44CD104E220A925F9BE1B,SHA256=7DBB5F7F39F36FCCC41FFF8113D8F6FD29228BED0632645721B3D7D04570089F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213869Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:33.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A957C6D467C27AAFF34AA80F6982CC51,SHA256=246CA9A2AF8113E7A7C091D33AF0B1B90D1BA676860F04616077CC0DB874B157,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238815Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:33.990{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211007120155-025MD5=CF99E2CB113D8D2DCF43ED5FD96B633A,SHA256=1FA348E6AF774F9DE3BF8065B0725E0F0BD5741AF42D4AB3E9893B22D98D3DA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238814Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:33.119{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=615B7597F68A0846E0E49E65E879307C,SHA256=26D34775C624EF47A789659E6DB3D42D83B444C250A9A87747C1B8A8FFE1DC91,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213871Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:31.741{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50028-false10.0.1.12-8000- 23542300x8000000000000000213870Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:34.385{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ACDD5BAC1A6F40C2CE622F0C862266E8,SHA256=1AEC38D85D5D07787DE006CCFE1FEE3F95E72841FA67A90E03461E9739B27989,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238816Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:34.140{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6821C28B8A7215148EFFAFBD4497AACF,SHA256=E6BCB02478ECF486BE5E1EF6CE60F0CBAB3470D609D82489D240A5707D851C51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238818Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:35.155{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0C9C9BD403FD8381FF1B7526CEE7C53,SHA256=854727A1E159A47E7ECC534AFBA513FA967A42B66985F93BD47E5594A056000C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213873Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:35.385{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C73EE68CB1F46C2E9E610BAC0C90A32A,SHA256=4CD2341AC30540AC9ED4763ADEB65891D28961189E5717C91C3473F7C2D0C1D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213872Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:35.041{49C67628-E19D-615E-1200-00000000FE01}980NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=5005CBE65FF2B9C5834BA19D41236207,SHA256=120A6D48A05F6848F6E33FD790BC6D83D6372B8FE71FA5E41C4ABE387DCEC034,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238817Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:35.003{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211007120153-026MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238819Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:36.172{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB62BB01731E4662F62D003CAEBE3211,SHA256=C15A1A42F0397D8AE22BB395DCA0D593A4241C67927B512433787CF979506135,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213874Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:36.385{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A88B280E7953AD0B10FEEAC9CF47D64,SHA256=21B3E3A4C27F60B249D5ACDE8AEA0E91027B6C0D6987414AF15FAFC48CB55A43,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213878Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:37.729{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1300-00000000FE01}780C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213877Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:37.729{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1300-00000000FE01}780C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213876Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:37.729{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1300-00000000FE01}780C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213875Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:37.385{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0B6F61CD9023DAD8FE0DB849E513172,SHA256=83676B495BC8610977F5D679B193059D34B4E9F7CDF8E31ECCB66AF379725342,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238822Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:36.095{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64860-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238821Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:37.173{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BF9234836FE3CAEA7FF048F7CBA5E3F,SHA256=58B1E245CFAA8D8398FD5BB673F2CB35D73255E62BE7C14115C42AF775196A39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238820Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:37.126{6EDEAD03-E1A0-615E-1000-00000000FD01}372NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=568E41791B62A66263938A7788DB3671,SHA256=D918590629FB4096314E7E2C3ADAD1AA7B5FE4DEB6BDC3684BCB3D610FA74628,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213879Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:38.385{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E87B1D2E12000F465089100F74DBD10,SHA256=DBD307FD66774AD9BDF500E08B4D2AB6E8185CC9175635414344E3941C1F730F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238823Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:38.207{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3BA8C208578C4BD0963D14A7563122B,SHA256=012A026F4DB37608354846B89CD09318DC51A157E81FA13C981CFCF0C6D72774,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238830Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:39.236{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20FE40E747BB1AC9457ECE73CF94FD6C,SHA256=F6100D1A3A9CA44C05FCA8B1EC53663323AE8E29F2AEA9C11FE93986835A3478,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213880Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:39.385{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E83E17485BBAF0B46A54061AEC531D09,SHA256=9A5198F1C937811678656F1EC821B371A871BE980B796D38439426F6BD8A7CBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238829Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:39.207{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=4525730E71FA9457760F59EF5D12E3C2,SHA256=442D7FDF923AFB49C7D6147E63DEB32956E33AFABD2F5EA6B38FF45FD43DF85A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238828Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:39.207{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=B4AA60BD08EABAFE377546522909AEAB,SHA256=A9D3373A0B177517D0D4CE68C61C844ABB1D4A34E4E333121AEFDE3389C16F1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238827Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:39.192{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=677A4523CF9A553BF2CF0B0493F25493,SHA256=7C895C0842368E4C57EB039A01F714F554B5329B658A0F2A46A73D5D5D19472A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238826Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:39.192{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=1C8EF01CD176B8B2076F1853B256EF6A,SHA256=65DEEF4662E3A57869EF44A216B4E72A47AD2B1AE2B1ECF2BA927B9B0EE86A5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238825Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:39.192{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=EEB35E9C8273CA42177EBB960E451187,SHA256=771A15DEA5E3284F06A7B9896547B7AC9CA8E219D94E203F3FF5C830FDCCF808,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238824Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:39.192{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=983D02A6AC6A156E3FB5FC74DA7E6EF2,SHA256=95FB696D5026FE26779925100B5E92DAC203A7A14ACCE4566B3C48D9457E3C4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238832Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:40.637{6EDEAD03-E1B0-615E-2800-00000000FD01}2904NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238831Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:40.299{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D826B0664D41DD0E167B8C7B3CA38F76,SHA256=986C2B2399CE7B65B11A08A9B43F756A635D3CE147DAB407762EFBD6DDC07C4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213881Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:40.401{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1306A71BA0A3C6B63E586B524F705FF1,SHA256=8F96442F6BE0CFCA05848A5238F1CA108F26EFA48774D8A880CAC6B03F630CED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238833Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:41.315{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E55A7D859DE5DFD6A8C321BC073A685,SHA256=83A396485F3A61D0BEF7CE1BB1E84110D8BCA7E27386877DD697BEE47E440F93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213883Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:41.401{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07470F398E2AC35D1E6691C47DB3B2B8,SHA256=FEF8AF059E4D66C053B0DC5FAE9E3A4BB02E57BB04DB4E5B7256BAEE5BD4CE9D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213882Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:37.601{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50029-false10.0.1.12-8000- 23542300x8000000000000000213884Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:42.416{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB1E5D81C53E0FC1A7E5EF8CAF69AB88,SHA256=893ADD3E6B51D21E78067A51A4D8958439595F45AD8FCBF4577C7B03107FA925,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238835Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:40.537{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64861-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000238834Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:42.333{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D01D7A0757A04053C1F89402F7286254,SHA256=5D5F604EC3C3D750C39D6D759EF160577E80F1C03A8EC39684402411F4BB71F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213885Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:43.573{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7853076E7640218370F8962E4A38FA44,SHA256=3877597D07A4983D5C22FB62DC7C5682D898F6EEC3FA1E19DF1755BF417677D3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238837Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:42.106{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64862-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238836Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:43.351{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=597C7960594E795452BF6B62F0914F22,SHA256=343C20B1937901931723A09C5AB92028112A7E049E03A829B9AEE87157389D19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213886Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:44.573{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=415CC4FEDD80C867431EAC874948C2ED,SHA256=34A0AEDF7BD6789014145EB3020261B5A77B9581C21799A9C945B767B1590E0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238838Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:44.366{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9EE8BE0FE7E864D9F55143A13A0844DB,SHA256=35DABDA11D4022AA53B8FC81B89C6CAB78FF4D600AD5A065842C5A64AD441E39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213888Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:45.901{49C67628-E19D-615E-1D00-00000000FE01}1960NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213887Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:45.620{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74367B2B63DBF89D8A42575ECF98C172,SHA256=5484FF926E70E04EF9E0330547255E4456C90D36CE962E0C5DF6B2095D55A042,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238846Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:45.382{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF2F5DCBD6227A4600A89902A1A21373,SHA256=A54003581892157D86C2C0D20D795657DFFA63D7027FD8FD68A9E9F1CBFB1F44,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238845Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:45.366{6EDEAD03-E412-615E-EE00-00000000FD01}49642088C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238844Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:45.350{6EDEAD03-E412-615E-EE00-00000000FD01}49642088C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238843Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:45.350{6EDEAD03-E412-615E-EE00-00000000FD01}49642088C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238842Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:45.350{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238841Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:45.350{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238840Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:45.350{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238839Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:45.350{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213890Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:46.698{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5773EC1169175E885475BAC2420F3327,SHA256=257D04BB43A53922106CD71485D57E30DFE91CDC54FAE8AA224429080DF53EB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238850Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:46.396{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB3664232DF411EC54D8607562277CE5,SHA256=94020B6E47D41761F16992E62F63EABDA4DFADCCC18EAC454C72BE6A1A53A3E6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213889Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:42.757{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50030-false10.0.1.12-8000- 10341000x8000000000000000238849Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:46.312{6EDEAD03-E412-615E-EE00-00000000FD01}49642088C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238848Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:46.296{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238847Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:46.296{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238875Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.917{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86640CB1798D1A478D536A6231E50036,SHA256=96B3A1A563B85A376CB9FDD89CEF187E497C3346D01AF485F2583DDB158562B8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238874Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.616{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+ebee38|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 10341000x8000000000000000238873Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.553{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 10341000x8000000000000000238872Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.553{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 23542300x8000000000000000213904Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.713{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB68EAD7B7F0BBB56640FCBE4AFCE2BF,SHA256=9FA5DA551C85AEE6A9551DFA1A00C3F52A63AE1D1A133BED7C9E9A0641623021,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213903Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E7FF-615E-4F01-00000000FE01}3848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213902Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213901Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213900Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213899Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213898Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213897Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213896Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213895Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213894Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213893Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E7FF-615E-4F01-00000000FE01}3848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213892Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E7FF-615E-4F01-00000000FE01}3848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213891Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.355{49C67628-E7FF-615E-4F01-00000000FE01}3848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000238871Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.237{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 10341000x8000000000000000238870Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.237{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 10341000x8000000000000000238869Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.237{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 10341000x8000000000000000238868Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.233{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 10341000x8000000000000000238867Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.214{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+ae56a1|C:\Program Files\Mozilla Firefox\xul.dll+3065d1|C:\Program Files\Mozilla Firefox\xul.dll+efca65|C:\Program Files\Mozilla Firefox\xul.dll+b357f4|C:\Program Files\Mozilla Firefox\xul.dll+305edd|C:\Program Files\Mozilla Firefox\xul.dll+38c97b|C:\Program Files\Mozilla Firefox\xul.dll+38c17d|C:\Program Files\Mozilla Firefox\xul.dll+b1ff5a|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c 10341000x8000000000000000238866Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.214{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+ae56a1|C:\Program Files\Mozilla Firefox\xul.dll+3065d1|C:\Program Files\Mozilla Firefox\xul.dll+efca65|C:\Program Files\Mozilla Firefox\xul.dll+b357f4|C:\Program Files\Mozilla Firefox\xul.dll+305edd|C:\Program Files\Mozilla Firefox\xul.dll+38c97b|C:\Program Files\Mozilla Firefox\xul.dll+38c17d|C:\Program Files\Mozilla Firefox\xul.dll+b1ff5a|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c 10341000x8000000000000000238865Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.214{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+ae56a1|C:\Program Files\Mozilla Firefox\xul.dll+3065d1|C:\Program Files\Mozilla Firefox\xul.dll+efca65|C:\Program Files\Mozilla Firefox\xul.dll+b357f4|C:\Program Files\Mozilla Firefox\xul.dll+305edd|C:\Program Files\Mozilla Firefox\xul.dll+38c97b|C:\Program Files\Mozilla Firefox\xul.dll+38c17d|C:\Program Files\Mozilla Firefox\xul.dll+b1ff5a|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c 10341000x8000000000000000238864Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.214{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+ae56a1|C:\Program Files\Mozilla Firefox\xul.dll+3065d1|C:\Program Files\Mozilla Firefox\xul.dll+efca65|C:\Program Files\Mozilla Firefox\xul.dll+b357f4|C:\Program Files\Mozilla Firefox\xul.dll+305edd|C:\Program Files\Mozilla Firefox\xul.dll+38c97b|C:\Program Files\Mozilla Firefox\xul.dll+38c17d|C:\Program Files\Mozilla Firefox\xul.dll+b1ff5a|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c 10341000x8000000000000000238863Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.214{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+ae56a1|C:\Program Files\Mozilla Firefox\xul.dll+3065d1|C:\Program Files\Mozilla Firefox\xul.dll+efca65|C:\Program Files\Mozilla Firefox\xul.dll+b357f4|C:\Program Files\Mozilla Firefox\xul.dll+305edd|C:\Program Files\Mozilla Firefox\xul.dll+38c97b|C:\Program Files\Mozilla Firefox\xul.dll+38c17d|C:\Program Files\Mozilla Firefox\xul.dll+b1ff5a|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c 10341000x8000000000000000238862Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.214{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+efc332|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39|C:\Program Files\Mozilla Firefox\xul.dll+e5595f 10341000x8000000000000000238861Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.214{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+efc332|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39|C:\Program Files\Mozilla Firefox\xul.dll+e5595f 10341000x8000000000000000238860Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.199{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+efc332|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39|C:\Program Files\Mozilla Firefox\xul.dll+e5595f 10341000x8000000000000000238859Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.199{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+efc332|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39|C:\Program Files\Mozilla Firefox\xul.dll+e5595f 10341000x8000000000000000238858Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.199{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+efc332|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39|C:\Program Files\Mozilla Firefox\xul.dll+e5595f 10341000x8000000000000000238857Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.199{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+addabe|C:\Program Files\Mozilla Firefox\xul.dll+ebeec2|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39 10341000x8000000000000000238856Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.199{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+addabe|C:\Program Files\Mozilla Firefox\xul.dll+ebeec2|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39 10341000x8000000000000000238855Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.199{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+addabe|C:\Program Files\Mozilla Firefox\xul.dll+ebeec2|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39 10341000x8000000000000000238854Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.199{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+addabe|C:\Program Files\Mozilla Firefox\xul.dll+ebeec2|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39 10341000x8000000000000000238853Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.082{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 10341000x8000000000000000238852Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.066{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 10341000x8000000000000000238851Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.066{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 23542300x8000000000000000213922Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.776{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F14F81BB24F8F8ECD63AF76CBE15E1C,SHA256=06A4ED0FA5765EE9FFFFE828B5002E2A38A8C9D057866188994ED390582B1AA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238876Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:48.559{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=475A6EC91B317ECF78566A815D02BB77,SHA256=639531A799563570A83D2DC635073446B7B5087B29C63BB404C54AC7A3B46B71,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213921Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.589{49C67628-E800-615E-5001-00000000FE01}36163380C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000213920Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:44.461{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50031-false10.0.1.12-8089- 23542300x8000000000000000213919Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=39893BDB03F1CCAF66840C88C1E4FEC9,SHA256=07E5BA68BEF6527EFA53E680A5C7457DFC08CA717B2D47B205420B336FEB15F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213918Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BF417BD5CCA14A1B2FD0BFC0B246B044,SHA256=A1B1274BBEB4DF2FD56237FB18ADB2A39C9C05EB1022322897D671EAD1E75971,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213917Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E800-615E-5001-00000000FE01}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213916Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213915Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213914Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213913Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213912Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213911Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213910Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213909Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213908Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213907Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E800-615E-5001-00000000FE01}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213906Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E800-615E-5001-00000000FE01}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213905Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.433{49C67628-E800-615E-5001-00000000FE01}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000238884Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:48.279{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64866-false185.150.190.192-443https 354300x8000000000000000238883Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:48.093{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64865-false185.150.190.192-80http 354300x8000000000000000238882Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:48.092{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64864-false185.150.190.192-80http 23542300x8000000000000000238881Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.568{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C0549154600026ED884FE8D88C0AF09,SHA256=CC7769336AA2CE8E1E555E01AA0B5ECB9162BF9833734EB2356353CAE77ED902,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213936Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.432{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=39893BDB03F1CCAF66840C88C1E4FEC9,SHA256=07E5BA68BEF6527EFA53E680A5C7457DFC08CA717B2D47B205420B336FEB15F5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213935Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E801-615E-5101-00000000FE01}1136C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213934Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213933Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213932Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213931Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213930Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213929Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213928Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213927Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213926Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213925Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E801-615E-5101-00000000FE01}1136C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213924Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E801-615E-5101-00000000FE01}1136C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213923Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.105{49C67628-E801-615E-5101-00000000FE01}1136C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000238880Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:48.006{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51224- 354300x8000000000000000238879Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.996{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64863-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000238878Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.996{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-51908- 354300x8000000000000000238877Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.977{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51908- 23542300x8000000000000000213939Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:50.995{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F485C8B37EFF94A8449B971B63E12C3A,SHA256=09597249AB7EBADEBC81EBC5223B6D664784C0F82A575B077144C937F6DCE402,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213938Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.789{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50032-false10.0.1.12-8000- 23542300x8000000000000000213937Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.995{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65D8DB937A1F8A99E9F5081C1B8BA839,SHA256=51B60E966D984F49C78D57AC48E09E2FEC1660069FE9995CB1FBAFABC5EA360D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239137Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.888{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239136Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.888{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239135Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.887{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239134Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.887{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239133Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.839{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 354300x8000000000000000239132Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.661{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-65498- 354300x8000000000000000239131Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.660{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-55462- 354300x8000000000000000239130Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.658{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-58284- 354300x8000000000000000239129Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.641{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57470- 354300x8000000000000000239128Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.641{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58745- 354300x8000000000000000239127Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.641{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50949- 354300x8000000000000000239126Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.640{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64896-false141.193.213.20-443https 354300x8000000000000000239125Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.639{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55698- 354300x8000000000000000239124Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.638{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59157- 354300x8000000000000000239123Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.636{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55680- 354300x8000000000000000239122Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.634{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49976- 354300x8000000000000000239121Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.634{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58531- 354300x8000000000000000239120Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.634{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56487- 354300x8000000000000000239119Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.633{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55462- 354300x8000000000000000239118Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.633{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60609- 354300x8000000000000000239117Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.632{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58284- 354300x8000000000000000239116Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.631{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60984- 354300x8000000000000000239115Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.629{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57314- 354300x8000000000000000239114Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.578{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64894-false151.101.114.137-443https 354300x8000000000000000239113Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.578{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64893-false13.225.87.106server-13-225-87-106.fra2.r.cloudfront.net443https 354300x8000000000000000239112Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.577{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local54926-false172.67.176.45-443https 354300x8000000000000000239111Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.566{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64888-false188.120.242.106-443https 354300x8000000000000000239110Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.560{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64892-false172.67.73.206-443https 354300x8000000000000000239109Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.553{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64890-false142.250.184.193fra24s11-in-f1.1e100.net443https 354300x8000000000000000239108Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.553{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64891-false104.26.4.190-443https 354300x8000000000000000239107Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.552{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64889-false172.67.215.136-443https 354300x8000000000000000239106Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.548{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54925- 354300x8000000000000000239105Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.547{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57515- 354300x8000000000000000239104Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.544{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55618- 354300x8000000000000000239103Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.543{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58178- 354300x8000000000000000239102Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.541{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53716- 354300x8000000000000000239101Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.540{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58938- 354300x8000000000000000239100Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.540{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57268- 354300x8000000000000000239099Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.540{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50565- 354300x8000000000000000239098Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.539{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60388- 354300x8000000000000000239097Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.539{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58771- 354300x8000000000000000239096Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.531{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52668- 354300x8000000000000000239095Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.530{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60670- 354300x8000000000000000239094Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.530{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61369- 354300x8000000000000000239093Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.530{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50359- 354300x8000000000000000239092Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.529{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50747- 354300x8000000000000000239091Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.529{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64887-false18.66.92.211-443https 354300x8000000000000000239090Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.523{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55400- 354300x8000000000000000239089Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.522{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56410- 354300x8000000000000000239088Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.522{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57839- 354300x8000000000000000239087Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.522{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50284- 354300x8000000000000000239086Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.517{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59861- 354300x8000000000000000239085Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.516{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64886-false13.224.193.55server-13-224-193-55.fra2.r.cloudfront.net443https 354300x8000000000000000239084Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.508{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49237- 354300x8000000000000000239083Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.501{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58834- 354300x8000000000000000239082Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.495{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52767- 354300x8000000000000000239081Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.494{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58126- 354300x8000000000000000239080Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.486{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51028- 354300x8000000000000000239079Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.486{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-51034- 354300x8000000000000000239078Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.482{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64885-false172.67.74.59-443https 354300x8000000000000000239077Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.482{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58073- 354300x8000000000000000239076Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.481{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-60734- 354300x8000000000000000239075Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.481{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49967- 354300x8000000000000000239074Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.477{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60523- 354300x8000000000000000239073Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.477{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57290- 354300x8000000000000000239072Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.476{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54889- 354300x8000000000000000239071Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.473{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55673- 354300x8000000000000000239070Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.467{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52996- 354300x8000000000000000239069Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.467{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55397- 354300x8000000000000000239068Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.466{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58976- 354300x8000000000000000239067Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.461{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51034- 354300x8000000000000000239066Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.460{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57260- 354300x8000000000000000239065Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.455{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60734- 354300x8000000000000000239064Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.452{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56571- 354300x8000000000000000239063Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.451{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-51321- 354300x8000000000000000239062Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.446{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58766- 354300x8000000000000000239061Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.443{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64881-false217.160.0.62217-160-0-62.elastic-ssl.ui-r.com443https 354300x8000000000000000239060Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.442{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64884-false151.101.112.193-443https 354300x8000000000000000239059Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.441{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64883-false104.21.73.196-443https 354300x8000000000000000239058Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.441{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64882-false151.101.112.193-443https 354300x8000000000000000239057Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.441{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64877-false85.25.213.73gallery.yopriceville.com443https 354300x8000000000000000239056Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.441{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64878-false142.250.184.193fra24s11-in-f1.1e100.net443https 354300x8000000000000000239055Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.440{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64880-false172.67.176.45-443https 354300x8000000000000000239054Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.440{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64879-false18.66.92.211-443https 354300x8000000000000000239053Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.438{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-57545- 354300x8000000000000000239052Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.438{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-65500- 354300x8000000000000000239051Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.428{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56893- 354300x8000000000000000239050Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.427{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51321- 354300x8000000000000000239049Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.423{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56391- 354300x8000000000000000239048Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.422{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56623- 354300x8000000000000000239047Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.422{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51213- 354300x8000000000000000239046Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.419{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-60268- 354300x8000000000000000239045Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.419{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-60250- 354300x8000000000000000239044Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.416{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60437- 10341000x8000000000000000239043Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.744{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239042Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.744{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239041Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.743{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 23542300x8000000000000000239040Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.676{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=798A01BDCE261A9FEF0564396FB879AA,SHA256=D1A74B890FE5A5ABFD4B3560022BF3A3923D95C968D7AD545FEEF8A80005C966,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239039Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.656{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239038Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.641{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239037Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.621{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239036Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.412{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local65500- 354300x8000000000000000239035Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.412{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57545- 354300x8000000000000000239034Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.410{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local65499- 354300x8000000000000000239033Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.409{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50755- 354300x8000000000000000239032Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.408{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60563- 354300x8000000000000000239031Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.408{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local65498- 354300x8000000000000000239030Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.402{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64876-false13.225.83.163server-13-225-83-163.fra2.r.cloudfront.net443https 354300x8000000000000000239029Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.402{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58831- 354300x8000000000000000239028Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.402{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53374- 354300x8000000000000000239027Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.402{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64875-false104.26.4.228-443https 354300x8000000000000000239026Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.401{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58120- 354300x8000000000000000239025Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.401{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50335- 354300x8000000000000000239024Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.394{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60268- 354300x8000000000000000239023Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.394{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60250- 354300x8000000000000000239022Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.392{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57326- 354300x8000000000000000239021Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.391{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53103- 354300x8000000000000000239020Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.390{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52625- 354300x8000000000000000239019Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.370{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local53527-false142.250.185.106fra16s49-in-f10.1e100.net443https 354300x8000000000000000239018Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.368{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59954- 354300x8000000000000000239017Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.362{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53526- 354300x8000000000000000239016Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.353{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local52396-false142.250.185.232fra16s53-in-f8.1e100.net443https 354300x8000000000000000239015Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.349{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local52395-false172.67.140.13-443https 354300x8000000000000000239014Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.336{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64874-false142.250.186.67fra24s05-in-f3.1e100.net80http 354300x8000000000000000239013Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.287{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52394- 354300x8000000000000000239012Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.282{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55244- 354300x8000000000000000239011Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.248{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64873-false142.250.185.232fra16s53-in-f8.1e100.net443https 354300x8000000000000000239010Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.247{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64872-false172.67.140.13-443https 354300x8000000000000000239009Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.246{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64871-false172.67.140.13-443https 354300x8000000000000000239008Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.246{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64869-false172.67.140.13-443https 354300x8000000000000000239007Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.244{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64870-false172.67.140.13-443https 354300x8000000000000000239006Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.233{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58067- 354300x8000000000000000239005Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.233{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57425- 354300x8000000000000000239004Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.233{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59096- 354300x8000000000000000239003Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.227{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-49932- 354300x8000000000000000239002Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.227{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-58018- 354300x8000000000000000239001Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.227{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64868-false142.250.185.106fra16s49-in-f10.1e100.net443https 354300x8000000000000000239000Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.227{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54888- 354300x8000000000000000238999Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.226{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58205- 354300x8000000000000000238998Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.212{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56270- 354300x8000000000000000238997Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.212{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56685- 354300x8000000000000000238996Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.210{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64867-false13.32.121.122server-13-32-121-122.fra60.r.cloudfront.net443https 354300x8000000000000000238995Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.209{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49932- 354300x8000000000000000238994Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.206{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54434- 354300x8000000000000000238993Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.202{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58018- 354300x8000000000000000238992Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.200{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55788- 10341000x8000000000000000238991Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.447{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238990Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.445{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238989Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.445{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238988Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.442{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238987Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.441{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238986Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.307{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238985Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.301{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238984Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.300{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238983Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.298{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238982Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.298{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238981Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.298{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238980Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.298{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238979Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.294{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000238978Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.649{6EDEAD03-E420-615E-0601-00000000FD01}6016gstaticadssl.l.google.com0216.58.212.131;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238977Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.648{6EDEAD03-E420-615E-0601-00000000FD01}6016futurity.org0128.151.77.219;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238976Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.646{6EDEAD03-E420-615E-0601-00000000FD01}6016www.futurity.org0type: 5 futurity.org;::ffff:128.151.77.219;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238975Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.644{6EDEAD03-E420-615E-0601-00000000FD01}6016proxy1.frontrunnerpro.com098.129.167.1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238974Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.643{6EDEAD03-E420-615E-0601-00000000FD01}6016www.lassahnfuneralhomes.com0type: 5 proxy1.frontrunnerpro.com;::ffff:98.129.167.1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238973Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.560{6EDEAD03-E420-615E-0601-00000000FD01}6016k.sni.global.fastly.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238972Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.556{6EDEAD03-E420-615E-0601-00000000FD01}6016k.sni.global.fastly.net0151.101.114.137;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238971Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.556{6EDEAD03-E420-615E-0601-00000000FD01}6016cdn.engine.4dsply.com02606:4700::6810:9f11;2606:4700::6810:9e11;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238970Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.556{6EDEAD03-E420-615E-0601-00000000FD01}6016player.ex.co0type: 5 k.sni.global.fastly.net;::ffff:151.101.114.137;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238969Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.556{6EDEAD03-E420-615E-0601-00000000FD01}6016test.quantcast.mgr.consensu.org02600:9000:225e:2e00:3:a4cd:8380:93a1;2600:9000:225e:1400:3:a4cd:8380:93a1;2600:9000:225e:a600:3:a4cd:8380:93a1;2600:9000:225e:ba00:3:a4cd:8380:93a1;2600:9000:225e:800:3:a4cd:8380:93a1;2600:9000:225e:3c00:3:a4cd:8380:93a1;2600:9000:225e:b800:3:a4cd:8380:93a1;2600:9000:225e:ec00:3:a4cd:8380:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238968Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.553{6EDEAD03-E420-615E-0601-00000000FD01}6016d23p84anwf0tgh.cloudfront.net02600:9000:2251:9a00:1f:c89d:840:93a1;2600:9000:2251:8200:1f:c89d:840:93a1;2600:9000:2251:a200:1f:c89d:840:93a1;2600:9000:2251:1c00:1f:c89d:840:93a1;2600:9000:2251:b000:1f:c89d:840:93a1;2600:9000:2251:8a00:1f:c89d:840:93a1;2600:9000:2251:bc00:1f:c89d:840:93a1;2600:9000:2251:f000:1f:c89d:840:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238967Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.552{6EDEAD03-E420-615E-0601-00000000FD01}6016cdn.engine.4dsply.com0104.16.159.17;104.16.158.17;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238966Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.551{6EDEAD03-E420-615E-0601-00000000FD01}6016a1887.dscq.akamai.net02a02:26f0:1700:f::1737:a194;2a02:26f0:1700:f::1737:a1a4;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238965Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.551{6EDEAD03-E420-615E-0601-00000000FD01}6016cdn.engine.4dsply.com0::ffff:104.16.158.17;::ffff:104.16.159.17;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238964Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.549{6EDEAD03-E420-615E-0601-00000000FD01}6016test.quantcast.mgr.consensu.org013.225.87.110;13.225.87.32;13.225.87.125;13.225.87.106;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238963Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.549{6EDEAD03-E420-615E-0601-00000000FD01}6016a1887.dscq.akamai.net02.22.118.146;2.22.118.162;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238962Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.548{6EDEAD03-E420-615E-0601-00000000FD01}6016d23p84anwf0tgh.cloudfront.net013.32.99.34;13.32.99.63;13.32.99.19;13.32.99.56;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238961Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.548{6EDEAD03-E420-615E-0601-00000000FD01}6016jsc.adskeeper.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238960Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.548{6EDEAD03-E420-615E-0601-00000000FD01}6016community-assets.home-assistant.io02606:4700:20::ac43:445a;2606:4700:20::681a:5ee;2606:4700:20::681a:4ee;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238959Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.543{6EDEAD03-E420-615E-0601-00000000FD01}6016en.metal-tracker.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238958Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.541{6EDEAD03-E420-615E-0601-00000000FD01}6016test.quantcast.mgr.consensu.org0::ffff:13.225.87.106;::ffff:13.225.87.110;::ffff:13.225.87.32;::ffff:13.225.87.125;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238957Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.540{6EDEAD03-E420-615E-0601-00000000FD01}6016community-assets.home-assistant.io0104.26.5.238;104.26.4.238;172.67.68.90;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238956Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.539{6EDEAD03-E420-615E-0601-00000000FD01}6016jsc.adskeeper.com0104.18.17.65;104.18.16.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238955Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.538{6EDEAD03-E420-615E-0601-00000000FD01}6016cbslocal.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238954Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.538{6EDEAD03-E420-615E-0601-00000000FD01}6016d3inagkmqs1m6q.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238953Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.538{6EDEAD03-E420-615E-0601-00000000FD01}6016r3.o.lencr.org0type: 5 o.lencr.edgesuite.net;type: 5 a1887.dscq.akamai.net;::ffff:2.22.118.162;::ffff:2.22.118.146;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238952Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.531{6EDEAD03-E420-615E-0601-00000000FD01}6016en.metal-tracker.com092.63.104.16;188.120.240.253;188.120.242.106;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238951Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.530{6EDEAD03-E420-615E-0601-00000000FD01}6016d3inagkmqs1m6q.cloudfront.net013.224.193.96;13.224.193.129;13.224.193.40;13.224.193.55;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238950Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.530{6EDEAD03-E420-615E-0601-00000000FD01}6016communities.bentley.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238949Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.529{6EDEAD03-E420-615E-0601-00000000FD01}6016cbslocal.com0192.0.66.136;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238948Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.525{6EDEAD03-E420-615E-0601-00000000FD01}6016www.stgeorgeutah.com02606:4700:20::681a:abd;2606:4700:20::ac43:49ce;2606:4700:20::681a:bbd;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238947Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.525{6EDEAD03-E420-615E-0601-00000000FD01}6016trickbd.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238946Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.516{6EDEAD03-E420-615E-0601-00000000FD01}6016trickbd.com0104.21.35.73;172.67.215.136;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238945Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.515{6EDEAD03-E420-615E-0601-00000000FD01}6016communities.bentley.com045.60.31.181;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238944Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.514{6EDEAD03-E420-615E-0601-00000000FD01}6016barbadostoday.bb9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238943Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.505{6EDEAD03-E420-615E-0601-00000000FD01}6016www.stgeorgeutah.com0104.26.11.189;104.26.10.189;172.67.73.206;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238942Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.504{6EDEAD03-E420-615E-0601-00000000FD01}6016cimg4.ibsrv.net02606:4700:3030::6815:49c4;2606:4700:3033::ac43:94cb;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238941Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.500{6EDEAD03-E420-615E-0601-00000000FD01}6016de8zxmid6wwpr.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238940Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.500{6EDEAD03-E420-615E-0601-00000000FD01}6016b.dmlimg.com0type: 5 d23p84anwf0tgh.cloudfront.net;::ffff:13.32.99.56;::ffff:13.32.99.34;::ffff:13.32.99.63;::ffff:13.32.99.19;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238939Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.498{6EDEAD03-E420-615E-0601-00000000FD01}6016barbadostoday.bb0141.193.213.21;141.193.213.20;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238938Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.496{6EDEAD03-E420-615E-0601-00000000FD01}6016augustacrime.com02606:4700:20::681a:425;2606:4700:20::681a:525;2606:4700:20::ac43:4a3b;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238937Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.495{6EDEAD03-E420-615E-0601-00000000FD01}6016de8zxmid6wwpr.cloudfront.net013.35.253.7;13.35.253.37;13.35.253.34;13.35.253.80;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238936Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.492{6EDEAD03-E420-615E-0601-00000000FD01}6016fabwags.com02606:4700:20::681a:4be;2606:4700:20::681a:5be;2606:4700:20::ac43:4605;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238935Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.491{6EDEAD03-E420-615E-0601-00000000FD01}6016augustacrime.com0104.26.5.37;104.26.4.37;172.67.74.59;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238934Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.488{6EDEAD03-E420-615E-0601-00000000FD01}6016busyteacher.org02606:4700:3032::ac43:b02d;2606:4700:3035::6815:1f5f;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238933Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.487{6EDEAD03-E420-615E-0601-00000000FD01}6016jsc.adskeeper.com0::ffff:104.18.16.65;::ffff:104.18.17.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238932Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.486{6EDEAD03-E420-615E-0601-00000000FD01}6016cimg4.ibsrv.net0172.67.148.203;104.21.73.196;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238931Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.486{6EDEAD03-E420-615E-0601-00000000FD01}6016fabwags.com0104.26.5.190;172.67.70.5;104.26.4.190;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238930Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.484{6EDEAD03-E420-615E-0601-00000000FD01}6016ipv4.imgur.map.fastly.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238929Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.483{6EDEAD03-E420-615E-0601-00000000FD01}6016vbrichclient.com02001:8d8:100f:f000::211;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238928Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.482{6EDEAD03-E420-615E-0601-00000000FD01}6016vbrichclient.com0217.160.0.62;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238927Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.481{6EDEAD03-E420-615E-0601-00000000FD01}6016ipv4.imgur.map.fastly.net0151.101.112.193;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238926Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.481{6EDEAD03-E420-615E-0601-00000000FD01}6016busyteacher.org0104.21.31.95;172.67.176.45;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238925Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.480{6EDEAD03-E420-615E-0601-00000000FD01}6016community-assets.home-assistant.io0::ffff:172.67.68.90;::ffff:104.26.5.238;::ffff:104.26.4.238;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238924Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.480{6EDEAD03-E420-615E-0601-00000000FD01}6016en.metal-tracker.com0::ffff:188.120.242.106;::ffff:92.63.104.16;::ffff:188.120.240.253;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238923Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.480{6EDEAD03-E420-615E-0601-00000000FD01}6016d3trabu2dfbdfb.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238922Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.476{6EDEAD03-E420-615E-0601-00000000FD01}6016d3trabu2dfbdfb.cloudfront.net018.66.92.119;18.66.92.167;18.66.92.144;18.66.92.211;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238921Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.475{6EDEAD03-E420-615E-0601-00000000FD01}6016assets.suredone.com0type: 5 d3inagkmqs1m6q.cloudfront.net;::ffff:13.224.193.55;::ffff:13.224.193.96;::ffff:13.224.193.129;::ffff:13.224.193.40;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238920Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.472{6EDEAD03-E420-615E-0601-00000000FD01}6016philadelphia.cbslocal.com0type: 5 cbslocal.com;::ffff:192.0.66.136;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238919Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.472{6EDEAD03-E420-615E-0601-00000000FD01}6016communities.bentley.com0::ffff:45.60.31.181;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238918Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.469{6EDEAD03-E420-615E-0601-00000000FD01}6016www.stgeorgeutah.com0::ffff:172.67.73.206;::ffff:104.26.11.189;::ffff:104.26.10.189;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238917Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.468{6EDEAD03-E420-615E-0601-00000000FD01}6016trickbd.com0::ffff:172.67.215.136;::ffff:104.21.35.73;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238916Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.463{6EDEAD03-E420-615E-0601-00000000FD01}6016barbadostoday.bb0::ffff:141.193.213.20;::ffff:141.193.213.21;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238915Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.460{6EDEAD03-E420-615E-0601-00000000FD01}6016h30434.www3.hp.com0type: 5 psg.lithium.com;type: 5 de8zxmid6wwpr.cloudfront.net;::ffff:13.35.253.80;::ffff:13.35.253.7;::ffff:13.35.253.37;::ffff:13.35.253.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238914Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.454{6EDEAD03-E420-615E-0601-00000000FD01}6016augustacrime.com0::ffff:172.67.74.59;::ffff:104.26.5.37;::ffff:104.26.4.37;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238913Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.454{6EDEAD03-E420-615E-0601-00000000FD01}6016photos-ugc.l.googleusercontent.com02a00:1450:4001:812::2001;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238912Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.454{6EDEAD03-E420-615E-0601-00000000FD01}60161.bp.blogspot.com0type: 5 photos-ugc.l.googleusercontent.com;::ffff:142.250.184.193;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238911Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.450{6EDEAD03-E420-615E-0601-00000000FD01}6016fabwags.com0::ffff:104.26.4.190;::ffff:104.26.5.190;::ffff:172.67.70.5;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238910Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.435{6EDEAD03-E420-615E-0601-00000000FD01}6016cimg4.ibsrv.net0::ffff:104.21.73.196;::ffff:172.67.148.203;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238909Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.435{6EDEAD03-E420-615E-0601-00000000FD01}6016i.imgur.com0type: 5 ipv4.imgur.map.fastly.net;::ffff:151.101.112.193;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238908Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.432{6EDEAD03-E420-615E-0601-00000000FD01}6016photos-ugc.l.googleusercontent.com0142.250.184.193;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238907Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.430{6EDEAD03-E420-615E-0601-00000000FD01}6016busyteacher.org0::ffff:172.67.176.45;::ffff:104.21.31.95;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238906Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.430{6EDEAD03-E420-615E-0601-00000000FD01}6016d3trabu2dfbdfb.cloudfront.net0::ffff:18.66.92.211;::ffff:18.66.92.119;::ffff:18.66.92.167;::ffff:18.66.92.144;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238905Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.430{6EDEAD03-E420-615E-0601-00000000FD01}6016vbrichclient.com0::ffff:217.160.0.62;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238904Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.423{6EDEAD03-E420-615E-0601-00000000FD01}6016gallery.yopriceville.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238903Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.420{6EDEAD03-E420-615E-0601-00000000FD01}60163.bp.blogspot.com0type: 5 photos-ugc.l.googleusercontent.com;::ffff:142.250.184.193;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238902Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.420{6EDEAD03-E420-615E-0601-00000000FD01}6016sarkariyojana.com02606:4700:20::681a:5e4;2606:4700:20::ac43:4978;2606:4700:20::681a:4e4;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238901Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.417{6EDEAD03-E420-615E-0601-00000000FD01}6016d3j7xsc0vda5xv.cloudfront.net02600:9000:2240:fe00:0:5a51:64c9:c681;2600:9000:2240:cc00:0:5a51:64c9:c681;2600:9000:2240:d200:0:5a51:64c9:c681;2600:9000:2240:ce00:0:5a51:64c9:c681;2600:9000:2240:de00:0:5a51:64c9:c681;2600:9000:2240:3600:0:5a51:64c9:c681;2600:9000:2240:2c00:0:5a51:64c9:c681;2600:9000:2240:c000:0:5a51:64c9:c681;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238900Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.413{6EDEAD03-E420-615E-0601-00000000FD01}6016gallery.yopriceville.com085.25.213.73;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238899Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.412{6EDEAD03-E420-615E-0601-00000000FD01}6016gallery.yopriceville.com0::ffff:85.25.213.73;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238898Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.411{6EDEAD03-E420-615E-0601-00000000FD01}6016d3j7xsc0vda5xv.cloudfront.net013.225.83.163;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238897Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.411{6EDEAD03-E420-615E-0601-00000000FD01}6016sarkariyojana.com0104.26.5.228;172.67.73.120;104.26.4.228;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238896Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.409{6EDEAD03-E420-615E-0601-00000000FD01}6016c8.staticflickr.com0type: 5 d3j7xsc0vda5xv.cloudfront.net;::ffff:13.225.83.163;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238895Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.409{6EDEAD03-E420-615E-0601-00000000FD01}6016sarkariyojana.com0::ffff:104.26.4.228;::ffff:104.26.5.228;::ffff:172.67.73.120;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238894Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.246{6EDEAD03-E420-615E-0601-00000000FD01}6016www.rssing.com02606:4700:3032::6815:5ed0;2606:4700:3032::ac43:8c0d;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238893Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.246{6EDEAD03-E420-615E-0601-00000000FD01}6016www-googletagmanager.l.google.com02a00:1450:4001:80e::2008;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238892Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.242{6EDEAD03-E420-615E-0601-00000000FD01}6016www.rssing.com0172.67.140.13;104.21.94.208;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238891Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.237{6EDEAD03-E420-615E-0601-00000000FD01}6016www.rssing.com0::ffff:172.67.140.13;::ffff:104.21.94.208;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238890Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.236{6EDEAD03-E420-615E-0601-00000000FD01}6016quantcast.mgr.consensu.org02600:9000:2240:1800:9:46dc:4700:93a1;2600:9000:2240:1400:9:46dc:4700:93a1;2600:9000:2240:6c00:9:46dc:4700:93a1;2600:9000:2240:f000:9:46dc:4700:93a1;2600:9000:2240:e00:9:46dc:4700:93a1;2600:9000:2240:3a00:9:46dc:4700:93a1;2600:9000:2240:8c00:9:46dc:4700:93a1;2600:9000:2240:1e00:9:46dc:4700:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238889Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.221{6EDEAD03-E420-615E-0601-00000000FD01}6016quantcast.mgr.consensu.org013.32.121.65;13.32.121.100;13.32.121.44;13.32.121.122;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238888Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.215{6EDEAD03-E420-615E-0601-00000000FD01}6016quantcast.mgr.consensu.org0::ffff:13.32.121.122;::ffff:13.32.121.65;::ffff:13.32.121.100;::ffff:13.32.121.44;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238887Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:48.023{6EDEAD03-E420-615E-0601-00000000FD01}6016managed670.rssing.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238886Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:48.015{6EDEAD03-E420-615E-0601-00000000FD01}6016managed670.rssing.com0185.150.190.192;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238885Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:48.014{6EDEAD03-E420-615E-0601-00000000FD01}6016managed670.rssing.com0::ffff:185.150.190.192;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000239214Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.980{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239213Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.974{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239212Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.814{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 354300x8000000000000000239211Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.660{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-54888- 354300x8000000000000000239210Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.659{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-58122- 354300x8000000000000000239209Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.638{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local65501- 354300x8000000000000000239208Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.637{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58229- 354300x8000000000000000239207Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.637{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50847- 354300x8000000000000000239206Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.636{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55862- 354300x8000000000000000239205Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.634{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52182- 354300x8000000000000000239204Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.634{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58122- 354300x8000000000000000239203Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.633{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52083- 354300x8000000000000000239202Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.632{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61357- 354300x8000000000000000239201Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.616{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64914-false54.145.239.115ec2-54-145-239-115.compute-1.amazonaws.com443https 354300x8000000000000000239200Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.530{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50664- 354300x8000000000000000239199Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.529{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56370- 354300x8000000000000000239198Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.524{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50908- 23542300x8000000000000000239197Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.731{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=570301C15F32B8960921485D746B0BD4,SHA256=8280E057FB7A3EC1DF6667A3D4C75CA0A02F91A2A12F57E976ABE9244DBA7A13,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239196Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.628{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0B01-00000000FD01}5880C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239195Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.626{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213966Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E803-615E-5301-00000000FE01}3340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213965Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213964Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213963Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213962Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213961Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213960Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213959Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213958Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213957Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213956Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E803-615E-5301-00000000FE01}3340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213955Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E803-615E-5301-00000000FE01}3340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213954Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.855{49C67628-E803-615E-5301-00000000FE01}3340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000213953Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.432{49C67628-E803-615E-5201-00000000FE01}34203860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213952Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E803-615E-5201-00000000FE01}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213951Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213950Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213949Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213948Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213947Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213946Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213945Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213944Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213943Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E803-615E-5201-00000000FE01}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213942Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213941Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E803-615E-5201-00000000FE01}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213940Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.183{49C67628-E803-615E-5201-00000000FE01}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000239194Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.623{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0B01-00000000FD01}5880C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239193Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.623{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239192Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.388{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55505- 354300x8000000000000000239191Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.355{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local57309-false216.58.212.131ams15s21-in-f131.1e100.net443https 354300x8000000000000000239190Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.338{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64913-false157.90.33.68sub1.1push.io443https 354300x8000000000000000239189Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.327{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local57308-false172.67.68.90-443https 354300x8000000000000000239188Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.322{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local53948-false141.193.213.20-443https 354300x8000000000000000239187Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.320{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64912-false142.250.186.67fra24s05-in-f3.1e100.net80http 354300x8000000000000000239186Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.289{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57307- 354300x8000000000000000239185Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.283{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64911-false151.139.128.14-80http 354300x8000000000000000239184Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.273{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-53947- 354300x8000000000000000239183Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.252{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64910-false45.83.104.61eu1.getlark.com443https 354300x8000000000000000239182Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.245{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53947- 354300x8000000000000000239181Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.213{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61449- 354300x8000000000000000239180Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.209{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55046- 354300x8000000000000000239179Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.205{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60238- 10341000x8000000000000000239178Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.485{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0B01-00000000FD01}5880C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+978ae8|C:\Program Files\Mozilla Firefox\xul.dll+22a8692|C:\Program Files\Mozilla Firefox\xul.dll+34b3fbc|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239177Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.324{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=405C0DEB7D0259067C566B4AE67C7DF2,SHA256=EFD9BE747B29ECF6DE0F3D71A5592DC9CF389B0B874F84650EE148F466991598,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239176Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.162{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54226- 354300x8000000000000000239175Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.161{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50607- 354300x8000000000000000239174Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.156{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64909-false2.22.118.162a2-22-118-162.deploy.static.akamaitechnologies.com80http 354300x8000000000000000239173Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.026{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local57475-false172.67.215.136-443https 354300x8000000000000000239172Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.960{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local57474-false104.26.4.190-443https 354300x8000000000000000239171Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.949{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64908-false2.22.118.162a2-22-118-162.deploy.static.akamaitechnologies.com80http 354300x8000000000000000239170Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.946{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local57473-false142.250.184.193fra24s11-in-f1.1e100.net443https 23542300x8000000000000000239169Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.202{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=927B98001EDC8286456D42F42D46C7E9,SHA256=626824C454CAF0F47C7334627746EDB9B377CAE4653A514EB18C6ABEE3BE617F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239168Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.171{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000239167Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.715{6EDEAD03-E420-615E-0601-00000000FD01}6016www-google-analytics.l.google.com0142.250.186.78;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239166Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.542{6EDEAD03-E420-615E-0601-00000000FD01}6016prd-collector-anon.ex.co9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239165Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.538{6EDEAD03-E420-615E-0601-00000000FD01}6016prd-collector-anon.ex.co018.235.17.58;34.193.25.178;54.164.123.106;54.88.209.254;3.208.219.24;54.145.239.115;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239164Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.535{6EDEAD03-E420-615E-0601-00000000FD01}6016prd-collector-anon.ex.co0::ffff:54.145.239.115;::ffff:18.235.17.58;::ffff:34.193.25.178;::ffff:54.164.123.106;::ffff:54.88.209.254;::ffff:3.208.219.24;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239163Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.414{6EDEAD03-E420-615E-0601-00000000FD01}6016e4016.a.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239162Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.404{6EDEAD03-E420-615E-0601-00000000FD01}6016e4016.a.akamaiedge.net0104.75.88.126;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239161Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.313{6EDEAD03-E420-615E-0601-00000000FD01}6016system-notify.app9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239160Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.297{6EDEAD03-E420-615E-0601-00000000FD01}6016system-notify.app0157.90.33.72;157.90.33.68;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239159Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.296{6EDEAD03-E420-615E-0601-00000000FD01}6016system-notify.app0::ffff:157.90.33.68;::ffff:157.90.33.72;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239158Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.178{6EDEAD03-E420-615E-0601-00000000FD01}6016filmfestivals.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239157Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.171{6EDEAD03-E420-615E-0601-00000000FD01}6016filmfestivals.com045.83.104.61;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239156Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.169{6EDEAD03-E420-615E-0601-00000000FD01}6016www.filmfestivals.com0type: 5 filmfestivals.com;::ffff:45.83.104.61;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239155Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.778{6EDEAD03-E420-615E-0601-00000000FD01}6016proxy1.frontrunnerpro.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239154Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.740{6EDEAD03-E420-615E-0601-00000000FD01}6016futurity.org9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239153Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.652{6EDEAD03-E420-615E-0601-00000000FD01}6016gstaticadssl.l.google.com02a00:1450:4001:82f::2003;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000239152Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.850{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64906-false216.58.212.131ams15s21-in-f131.1e100.net443https 354300x8000000000000000239151Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.849{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64907-false216.58.212.131ams15s21-in-f131.1e100.net443https 354300x8000000000000000239150Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.834{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local57472-false172.67.74.59-443https 354300x8000000000000000239149Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.803{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64898-false98.129.167.1-443https 354300x8000000000000000239148Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.791{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64905-false2.22.118.162a2-22-118-162.deploy.static.akamaitechnologies.com80http 354300x8000000000000000239147Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.764{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64899-false128.151.77.219-443https 354300x8000000000000000239146Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.754{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64901-false172.67.68.90-443https 354300x8000000000000000239145Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.754{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64904-false13.32.99.56server-13-32-99-56.fra60.r.cloudfront.net443https 354300x8000000000000000239144Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.753{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64903-false13.32.99.56server-13-32-99-56.fra60.r.cloudfront.net443https 354300x8000000000000000239143Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.753{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64902-false13.32.99.56server-13-32-99-56.fra60.r.cloudfront.net443https 354300x8000000000000000239142Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.753{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64900-false192.0.66.136-443https 354300x8000000000000000239141Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.739{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64895-false45.60.31.181-443https 354300x8000000000000000239140Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.672{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64897-false142.250.184.193fra24s11-in-f1.1e100.net443https 354300x8000000000000000239139Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.672{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local57471-false104.21.73.196-443https 354300x8000000000000000239138Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.665{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-58745- 23542300x8000000000000000239326Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.773{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=687F018B93783C4F3658E6A295676878,SHA256=E436532B1A5DB52BB19A563EE3F99431CFA1E40B9A2AF21053F21B7BB411CE1A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239325Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.671{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-57336- 354300x8000000000000000239324Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.642{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57336- 354300x8000000000000000239323Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.642{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53894- 354300x8000000000000000239322Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.642{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58615- 354300x8000000000000000239321Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.641{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54167- 354300x8000000000000000239320Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.638{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50628- 354300x8000000000000000239319Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.637{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59764- 354300x8000000000000000239318Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.637{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57512- 354300x8000000000000000239317Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.636{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56152- 354300x8000000000000000239316Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.636{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51599- 354300x8000000000000000239315Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.585{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57710- 354300x8000000000000000239314Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.582{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64937-false95.101.83.57a95-101-83-57.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239313Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.577{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60283- 354300x8000000000000000239312Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.576{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60501- 23542300x8000000000000000239311Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.754{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF5349C34A164A07A8CF9786BBB30304,SHA256=FA3693DC7684624E2EFCECC4DB53235F4A0490FAF6F19F54540F50A67679B56D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213983Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.511{49C67628-E804-615E-5401-00000000FE01}32083568C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213982Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.370{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86D99273AEA7669EC6C94671F5E4DBB9,SHA256=F5D30C8FD4F3250733821D74D1CE3503B6D7EAFCB90AA759D44009F65AE03403,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213981Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E804-615E-5401-00000000FE01}3208C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213980Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213979Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213978Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213977Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213976Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213975Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213974Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213973Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213972Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213971Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E804-615E-5401-00000000FE01}3208C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213970Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E804-615E-5401-00000000FE01}3208C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213969Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.355{49C67628-E804-615E-5401-00000000FE01}3208C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213968Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51C342C89990D7312F0EDDC293025643,SHA256=57658F519B524D004780F7C0B482616E19D51A0D33CFD8624D48CE7A8BA43ECE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213967Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.090{49C67628-E803-615E-5301-00000000FE01}33401600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239310Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.363{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64935-false104.75.88.126a104-75-88-126.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239309Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.363{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64932-false104.16.158.17-443https 354300x8000000000000000239308Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.363{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64931-false18.66.97.30-443https 354300x8000000000000000239307Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.362{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64936-false142.250.186.138fra24s07-in-f10.1e100.net443https 354300x8000000000000000239306Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.361{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64934-false104.75.88.126a104-75-88-126.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239305Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.361{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64933-false23.210.254.213a23-210-254-213.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239304Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.336{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58829- 354300x8000000000000000239303Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.327{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52019- 354300x8000000000000000239302Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.247{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49259- 354300x8000000000000000239301Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.247{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52840- 354300x8000000000000000239300Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.232{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51159- 354300x8000000000000000239299Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.223{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58163- 354300x8000000000000000239298Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.207{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58962- 354300x8000000000000000239297Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.189{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64930-false104.101.101.199a104-101-101-199.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239296Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.188{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53465- 10341000x8000000000000000239295Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.463{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239294Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.459{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239293Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.446{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239292Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.431{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239291Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.430{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239290Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.421{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239289Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.414{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239288Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.414{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239287Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.413{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239286Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.366{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239285Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.366{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239284Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.323{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0B01-00000000FD01}5880C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239283Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.321{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239282Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.178{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50474- 354300x8000000000000000239281Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.150{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51848- 354300x8000000000000000239280Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.150{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64929-false52.222.250.154server-52-222-250-154.fra60.r.cloudfront.net80http 354300x8000000000000000239279Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.149{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60315- 354300x8000000000000000239278Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.145{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60224- 354300x8000000000000000239277Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.031{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64925-false3.232.170.59ec2-3-232-170-59.compute-1.amazonaws.com443https 354300x8000000000000000239276Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.021{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64928-false2.16.218.216a2-16-218-216.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239275Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.006{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64927-false2.16.218.216a2-16-218-216.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239274Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.005{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53089- 354300x8000000000000000239273Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.005{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59934- 354300x8000000000000000239272Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.997{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59981- 354300x8000000000000000239271Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.971{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64926-false142.250.186.138fra24s07-in-f10.1e100.net443https 354300x8000000000000000239270Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.970{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54977- 354300x8000000000000000239269Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.967{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57646- 354300x8000000000000000239268Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.942{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local58442-false142.250.74.194fra24s02-in-f2.1e100.net443https 354300x8000000000000000239267Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.937{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58441- 10341000x8000000000000000239266Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.100{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3ed70|C:\Program Files\Mozilla Firefox\xul.dll+b3e6ed|C:\Program Files\Mozilla Firefox\xul.dll+b377b4|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573|C:\Program Files\Mozilla Firefox\xul.dll+1e56e50 22542200x8000000000000000239265Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.601{6EDEAD03-E420-615E-0601-00000000FD01}6016track1.aniview.com0type: 5 tracking-1611167402.us-east-1.elb.amazonaws.com;::ffff:34.199.127.9;::ffff:34.201.197.184;::ffff:52.86.227.90;::ffff:52.73.70.207;::ffff:18.232.230.29;::ffff:34.225.64.38;::ffff:3.232.170.59;::ffff:34.196.151.221;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239264Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.592{6EDEAD03-E420-615E-0601-00000000FD01}6016e93115.g.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239263Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.585{6EDEAD03-E420-615E-0601-00000000FD01}6016e93115.g.akamaiedge.net095.101.83.171;95.101.83.57;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239262Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.584{6EDEAD03-E420-615E-0601-00000000FD01}6016mcd.ex.co0type: 5 mcd.ex.co.edgekey.net;type: 5 e93115.g.akamaiedge.net;::ffff:95.101.83.57;::ffff:95.101.83.171;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239261Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.349{6EDEAD03-E420-615E-0601-00000000FD01}6016e13136.g.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239260Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.346{6EDEAD03-E420-615E-0601-00000000FD01}6016e13136.g.akamaiedge.net023.210.254.213;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239259Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.343{6EDEAD03-E420-615E-0601-00000000FD01}6016v1.addthisedge.com0type: 5 v1.addthisedge.com.edgekey.net;type: 5 e4016.a.akamaiedge.net;::ffff:104.75.88.126;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239258Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.264{6EDEAD03-E420-615E-0601-00000000FD01}6016engine.4dsply.com02606:4700::6810:9e11;2606:4700::6810:9f11;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239257Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.256{6EDEAD03-E420-615E-0601-00000000FD01}6016engine.4dsply.com0104.16.159.17;104.16.158.17;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239256Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.255{6EDEAD03-E420-615E-0601-00000000FD01}6016engine.4dsply.com0::ffff:104.16.158.17;::ffff:104.16.159.17;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239255Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.239{6EDEAD03-E420-615E-0601-00000000FD01}6016d2fashanjl7d9f.cloudfront.net02600:9000:223c:ac00:6:44e3:f8c0:93a1;2600:9000:223c:5000:6:44e3:f8c0:93a1;2600:9000:223c:a600:6:44e3:f8c0:93a1;2600:9000:223c:8200:6:44e3:f8c0:93a1;2600:9000:223c:7e00:6:44e3:f8c0:93a1;2600:9000:223c:f400:6:44e3:f8c0:93a1;2600:9000:223c:c000:6:44e3:f8c0:93a1;2600:9000:223c:6400:6:44e3:f8c0:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239254Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.231{6EDEAD03-E420-615E-0601-00000000FD01}6016d2fashanjl7d9f.cloudfront.net018.66.97.81;18.66.97.31;18.66.97.52;18.66.97.30;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239253Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.203{6EDEAD03-E420-615E-0601-00000000FD01}6016e11385.dscd.akamaiedge.net02a02:26f0:d6:4b5::2c79;2a02:26f0:d6:49d::2c79;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239252Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.198{6EDEAD03-E420-615E-0601-00000000FD01}6016e11385.dscd.akamaiedge.net0104.101.101.199;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239251Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.195{6EDEAD03-E420-615E-0601-00000000FD01}6016player.aniview.com0type: 5 wildcard.aniview.com.edgekey.net;type: 5 e11385.dscd.akamaiedge.net;::ffff:104.101.101.199;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239250Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.029{6EDEAD03-E420-615E-0601-00000000FD01}6016e16009.dscd.akamaiedge.net02a02:26f0:1700:7::17d5:a1cb;2a02:26f0:1700:7::17d5:a1ce;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239249Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.014{6EDEAD03-E420-615E-0601-00000000FD01}6016e16009.dscd.akamaiedge.net02.16.218.67;2.16.218.216;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239248Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.012{6EDEAD03-E420-615E-0601-00000000FD01}6016player.avplayer.com0type: 5 player.avplayer.com.edgekey.net;type: 5 e16009.dscd.akamaiedge.net;::ffff:2.16.218.216;::ffff:2.16.218.67;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239247Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.956{6EDEAD03-E420-615E-0601-00000000FD01}6016tracking-1611167402.us-east-1.elb.amazonaws.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239246Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.952{6EDEAD03-E420-615E-0601-00000000FD01}6016tracking-1611167402.us-east-1.elb.amazonaws.com034.196.151.221;34.199.127.9;34.201.197.184;52.86.227.90;52.73.70.207;18.232.230.29;34.225.64.38;3.232.170.59;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239245Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.951{6EDEAD03-E420-615E-0601-00000000FD01}6016atrack.avplayer.com0type: 5 tracking-1611167402.us-east-1.elb.amazonaws.com;::ffff:3.232.170.59;::ffff:34.196.151.221;::ffff:34.199.127.9;::ffff:34.201.197.184;::ffff:52.86.227.90;::ffff:52.73.70.207;::ffff:18.232.230.29;::ffff:34.225.64.38;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000239244Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.070{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239243Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.023{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239242Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.023{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239241Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.022{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239240Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.022{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239239Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.022{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239238Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.022{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239237Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.022{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239236Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.022{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239235Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.022{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239234Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.919{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local59615-false104.16.158.17-443https 354300x8000000000000000239233Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.906{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local59614-false104.18.16.65-443https 354300x8000000000000000239232Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.905{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local59613-false142.250.186.78fra24s05-in-f14.1e100.net443https 354300x8000000000000000239231Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.884{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64924-false93.184.220.29-80http 354300x8000000000000000239230Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.883{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64923-false93.184.220.29-80http 10341000x8000000000000000239229Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.021{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239228Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.848{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59612- 354300x8000000000000000239227Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.847{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50421- 354300x8000000000000000239226Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.845{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61331- 354300x8000000000000000239225Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.810{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64922-false142.250.186.78fra24s05-in-f14.1e100.net443https 354300x8000000000000000239224Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.810{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64921-false104.75.88.126a104-75-88-126.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239223Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.809{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64920-false91.228.74.189-443https 354300x8000000000000000239222Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.809{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64919-false104.16.158.17-443https 354300x8000000000000000239221Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.809{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64918-false104.18.16.65-443https 354300x8000000000000000239220Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.809{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64916-false91.228.74.189-443https 354300x8000000000000000239219Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.809{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64917-false13.35.253.80server-13-35-253-80.fra6.r.cloudfront.net443https 354300x8000000000000000239218Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.808{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64915-false142.250.74.194fra24s02-in-f2.1e100.net443https 354300x8000000000000000239217Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.706{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51829- 354300x8000000000000000239216Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.706{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55140- 354300x8000000000000000239215Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.703{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59701- 354300x8000000000000000239396Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.662{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-57445- 354300x8000000000000000239395Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.639{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57009- 354300x8000000000000000239394Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.638{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60472- 354300x8000000000000000239393Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.637{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61288- 354300x8000000000000000239392Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.637{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57445- 354300x8000000000000000239391Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.636{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58867- 354300x8000000000000000239390Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.636{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50212- 354300x8000000000000000239389Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.613{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64948-false23.37.42.132a23-37-42-132.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239388Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.612{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58270- 354300x8000000000000000239387Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.596{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58516- 354300x8000000000000000239386Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.576{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64947-false185.33.221.52725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net443https 354300x8000000000000000239385Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.556{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64946-false2.19.35.65a2-19-35-65.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239384Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.549{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56585- 354300x8000000000000000239383Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.545{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58911- 354300x8000000000000000239382Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.540{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52875- 354300x8000000000000000239381Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.540{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51020- 354300x8000000000000000239380Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.539{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58113- 354300x8000000000000000239379Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.539{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64945-false23.210.253.92a23-210-253-92.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239378Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.538{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64944-false23.210.253.164a23-210-253-164.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239377Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.536{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57728- 354300x8000000000000000239376Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.535{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52044- 354300x8000000000000000239375Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.532{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59509- 354300x8000000000000000239374Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.531{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57771- 354300x8000000000000000239373Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.530{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54300- 10341000x8000000000000000213997Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E805-615E-5501-00000000FE01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213996Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213995Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213994Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213993Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213992Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213991Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213990Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213989Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213988Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213987Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E805-615E-5501-00000000FE01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213986Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E805-615E-5501-00000000FE01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213985Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.512{49C67628-E805-615E-5501-00000000FE01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213984Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.151{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3820E2F357C678DA20022B0D5D8E77EF,SHA256=433DF06B0ADDF12AAB76B0969006783F6A7E7EAA12815723CCEDABC0BBBB9A82,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239372Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.208{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64943-false23.45.97.32a23-45-97-32.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239371Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.200{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55256- 354300x8000000000000000239370Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.200{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52270- 354300x8000000000000000239369Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.196{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53025- 354300x8000000000000000239368Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.145{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64942-false13.224.193.34server-13-224-193-34.fra2.r.cloudfront.net443https 354300x8000000000000000239367Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.144{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58424- 354300x8000000000000000239366Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.140{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56110- 354300x8000000000000000239365Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.130{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64939-false52.73.58.55ec2-52-73-58-55.compute-1.amazonaws.com443https 354300x8000000000000000239364Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.117{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64941-false104.111.225.89a104-111-225-89.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239363Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.116{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53971- 354300x8000000000000000239362Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.116{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50973- 354300x8000000000000000239361Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.092{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64940-false172.67.140.13-443https 354300x8000000000000000239360Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.092{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51172- 354300x8000000000000000239359Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.091{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50837- 354300x8000000000000000239358Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.087{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55203- 354300x8000000000000000239357Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.039{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54466- 10341000x8000000000000000239356Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.269{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239355Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.217{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\3484MD5=6D357C3EDC6EFFC4FC7601115CE27CFE,SHA256=F32A67467FE4E8F00D3491801B5215274FB1646FDA072653402F34E101005FDF,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000239354Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.784{6EDEAD03-E420-615E-0601-00000000FD01}6016cookie-sync-1380929930.us-east-1.elb.amazonaws.com034.196.245.189;18.214.137.90;18.208.104.24;44.194.158.136;3.209.156.238;35.172.49.77;174.129.232.188;3.230.242.93;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239353Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.782{6EDEAD03-E420-615E-0601-00000000FD01}6016sync.aniview.com0type: 5 cookie-sync-1380929930.us-east-1.elb.amazonaws.com;::ffff:3.230.242.93;::ffff:34.196.245.189;::ffff:18.214.137.90;::ffff:18.208.104.24;::ffff:44.194.158.136;::ffff:3.209.156.238;::ffff:35.172.49.77;::ffff:174.129.232.188;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239352Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.740{6EDEAD03-E420-615E-0601-00000000FD01}6016v04.cap-ash1.technoratimedia.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239351Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.736{6EDEAD03-E420-615E-0601-00000000FD01}6016v04.cap-ash1.technoratimedia.com0150.136.156.92;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239350Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.734{6EDEAD03-E420-615E-0601-00000000FD01}6016shinez.technoratimedia.com0type: 5 adserver.technoratimedia.com;type: 5 v04.cap-ash1.technoratimedia.com;::ffff:150.136.156.92;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239349Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.628{6EDEAD03-E420-615E-0601-00000000FD01}6016e8960.b.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239348Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.621{6EDEAD03-E420-615E-0601-00000000FD01}6016e8960.b.akamaiedge.net023.37.42.132;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239347Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.550{6EDEAD03-E420-615E-0601-00000000FD01}6016e8960.e2.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239346Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.550{6EDEAD03-E420-615E-0601-00000000FD01}6016e8037.g.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239345Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.549{6EDEAD03-E420-615E-0601-00000000FD01}6016e8960.e2.akamaiedge.net02.19.35.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239344Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.548{6EDEAD03-E420-615E-0601-00000000FD01}6016e6603.g.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239343Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.548{6EDEAD03-E420-615E-0601-00000000FD01}6016e8037.g.akamaiedge.net023.210.253.164;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239342Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.545{6EDEAD03-E420-615E-0601-00000000FD01}6016e6603.g.akamaiedge.net023.210.253.92;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239341Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.212{6EDEAD03-E420-615E-0601-00000000FD01}6016e13630.dscb.akamaiedge.net02a02:26f0:1700:195::353e;2a02:26f0:1700:1b0::353e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239340Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.209{6EDEAD03-E420-615E-0601-00000000FD01}6016e13630.dscb.akamaiedge.net023.45.97.32;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239339Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.155{6EDEAD03-E420-615E-0601-00000000FD01}6016audit-tcfv2.quantcast.mgr.consensu.org9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239338Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.153{6EDEAD03-E420-615E-0601-00000000FD01}6016audit-tcfv2.quantcast.mgr.consensu.org013.224.193.10;13.224.193.104;13.224.193.80;13.224.193.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239337Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.152{6EDEAD03-E420-615E-0601-00000000FD01}6016audit-tcfv2.quantcast.mgr.consensu.org0::ffff:13.224.193.34;::ffff:13.224.193.10;::ffff:13.224.193.104;::ffff:13.224.193.80;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239336Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.130{6EDEAD03-E420-615E-0601-00000000FD01}6016e4346.g.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239335Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.125{6EDEAD03-E420-615E-0601-00000000FD01}6016e4346.g.akamaiedge.net0104.111.225.89;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239334Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.124{6EDEAD03-E420-615E-0601-00000000FD01}6016blogs.msdn.com0type: 5 blogs.msdn.com.edgekey.net;type: 5 e4346.g.akamaiedge.net;::ffff:104.111.225.89;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239333Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.104{6EDEAD03-E420-615E-0601-00000000FD01}6016a.rssing.com02606:4700:3032::ac43:8c0d;2606:4700:3032::6815:5ed0;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239332Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.100{6EDEAD03-E420-615E-0601-00000000FD01}6016a.rssing.com0104.21.94.208;172.67.140.13;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239331Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.099{6EDEAD03-E420-615E-0601-00000000FD01}6016a.rssing.com0::ffff:172.67.140.13;::ffff:104.21.94.208;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239330Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.055{6EDEAD03-E420-615E-0601-00000000FD01}6016premium-serving-428909459.us-east-1.elb.amazonaws.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239329Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.052{6EDEAD03-E420-615E-0601-00000000FD01}6016premium-serving-428909459.us-east-1.elb.amazonaws.com03.224.226.7;75.101.235.47;35.153.40.211;35.173.4.119;52.205.96.140;52.73.58.55;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239328Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.051{6EDEAD03-E420-615E-0601-00000000FD01}6016premiumsrv.aniview.com0type: 5 premium-serving-428909459.us-east-1.elb.amazonaws.com;::ffff:52.73.58.55;::ffff:3.224.226.7;::ffff:75.101.235.47;::ffff:35.153.40.211;::ffff:35.173.4.119;::ffff:52.205.96.140;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000239327Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.686{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64938-false34.199.127.9ec2-34-199-127-9.compute-1.amazonaws.com443https 354300x8000000000000000239462Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.694{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64971-false142.250.186.70fra24s05-in-f6.1e100.net443https 354300x8000000000000000239461Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.643{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59171- 354300x8000000000000000239460Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.642{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59513- 354300x8000000000000000239459Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.631{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64970-false142.250.186.70fra24s05-in-f6.1e100.net443https 354300x8000000000000000239458Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.630{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52785- 354300x8000000000000000239457Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.627{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local60089-false172.217.23.98mil04s23-in-f2.1e100.net443https 354300x8000000000000000239456Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.626{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60088- 354300x8000000000000000239455Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.603{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64969-false172.217.23.98mil04s23-in-f2.1e100.net443https 354300x8000000000000000239454Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.599{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53762- 354300x8000000000000000239453Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.569{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64968-false104.18.16.65-443https 354300x8000000000000000239452Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.549{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64967-false104.18.16.65-443https 354300x8000000000000000239451Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.470{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58509- 354300x8000000000000000239450Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.438{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local53610-false142.250.186.138fra24s07-in-f10.1e100.net443https 354300x8000000000000000239449Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.422{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64966-false104.18.16.65-443https 354300x8000000000000000239448Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.422{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64965-false104.18.16.65-443https 354300x8000000000000000239447Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.422{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64964-false104.18.16.65-443https 354300x8000000000000000239446Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.422{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64963-false104.18.16.65-443https 354300x8000000000000000239445Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.422{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64962-false104.18.16.65-443https 354300x8000000000000000239444Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.421{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64961-false104.18.16.65-443https 354300x8000000000000000239443Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.398{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53609- 354300x8000000000000000239442Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.383{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64960-false142.250.186.138fra24s07-in-f10.1e100.net443https 354300x8000000000000000239441Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.382{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64959-false142.250.186.138fra24s07-in-f10.1e100.net443https 354300x8000000000000000239440Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.375{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64958-false142.250.186.138fra24s07-in-f10.1e100.net443https 354300x8000000000000000239439Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.363{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61077- 354300x8000000000000000239438Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.363{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59023- 354300x8000000000000000239437Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.260{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local55206-false104.19.130.80-443https 23542300x8000000000000000239436Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.303{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=923C9D41AECDA5088910C5DC27C1149D,SHA256=E56FBF93FAF19EF67DF857423CC9B40302AFA08D14E72E5C2CBE4FD28ADF9BE1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239435Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.195{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64957-false104.18.16.65-443https 354300x8000000000000000239434Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.195{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64956-false104.19.130.80-443https 354300x8000000000000000239433Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.194{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64955-false104.18.16.65-443https 354300x8000000000000000239432Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.173{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55204- 354300x8000000000000000239431Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.172{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59192- 354300x8000000000000000239430Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.163{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51967- 354300x8000000000000000239429Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.134{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64954-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000239428Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.053{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57255- 10341000x8000000000000000239427Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.289{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000239426Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.642{6EDEAD03-E420-615E-0601-00000000FD01}6016s0-2mdn-net.l.google.com02a00:1450:4001:827::2006;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239425Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.639{6EDEAD03-E420-615E-0601-00000000FD01}6016s0-2mdn-net.l.google.com0142.250.186.70;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239424Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.485{6EDEAD03-E420-615E-0601-00000000FD01}6016cm.adskeeper.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239423Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.480{6EDEAD03-E420-615E-0601-00000000FD01}6016cm.adskeeper.com0104.18.17.65;104.18.16.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239422Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.478{6EDEAD03-E420-615E-0601-00000000FD01}6016cm.adskeeper.com0::ffff:104.18.16.65;::ffff:104.18.17.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239421Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.417{6EDEAD03-E420-615E-0601-00000000FD01}6016s-img.adskeeper.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239420Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.406{6EDEAD03-E420-615E-0601-00000000FD01}6016s-img.adskeeper.com0104.18.17.65;104.18.16.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239419Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.405{6EDEAD03-E420-615E-0601-00000000FD01}6016s-img.adskeeper.com0::ffff:104.18.16.65;::ffff:104.18.17.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239418Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.191{6EDEAD03-E420-615E-0601-00000000FD01}6016servicer.adskeeper.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239417Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.181{6EDEAD03-E420-615E-0601-00000000FD01}6016servicer.adskeeper.com0104.18.17.65;104.18.16.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239416Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.180{6EDEAD03-E420-615E-0601-00000000FD01}6016servicer.adskeeper.com0::ffff:104.18.16.65;::ffff:104.18.17.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239415Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.902{6EDEAD03-E420-615E-0601-00000000FD01}6016cdn.adskeeper.co.uk9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239414Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.896{6EDEAD03-E420-615E-0601-00000000FD01}6016cdn.adskeeper.co.uk0104.19.133.80;104.19.132.80;104.19.134.80;104.19.131.80;104.19.130.80;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239413Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.894{6EDEAD03-E420-615E-0601-00000000FD01}6016cdn.adskeeper.co.uk0::ffff:104.19.130.80;::ffff:104.19.133.80;::ffff:104.19.132.80;::ffff:104.19.134.80;::ffff:104.19.131.80;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239412Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.875{6EDEAD03-E420-615E-0601-00000000FD01}6016c.adskeeper.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239411Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.868{6EDEAD03-E420-615E-0601-00000000FD01}6016c.adskeeper.com0104.18.17.65;104.18.16.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239410Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.866{6EDEAD03-E420-615E-0601-00000000FD01}6016c.adskeeper.com0::ffff:104.18.16.65;::ffff:104.18.17.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239409Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.793{6EDEAD03-E420-615E-0601-00000000FD01}6016cookie-sync-1380929930.us-east-1.elb.amazonaws.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000239408Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.887{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55972- 354300x8000000000000000239407Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.886{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56552- 354300x8000000000000000239406Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.876{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59944- 354300x8000000000000000239405Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.861{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64953-false3.230.242.93ec2-3-230-242-93.compute-1.amazonaws.com443https 354300x8000000000000000239404Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.859{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61178- 354300x8000000000000000239403Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.836{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64951-false150.136.156.92-443https 354300x8000000000000000239402Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.831{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64952-false150.136.156.92-443https 354300x8000000000000000239401Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.818{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64949-false150.136.156.92-443https 354300x8000000000000000239400Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.817{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64950-false150.136.156.92-443https 354300x8000000000000000239399Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.774{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59920- 354300x8000000000000000239398Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.727{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53969- 354300x8000000000000000239397Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.727{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55090- 23542300x8000000000000000213999Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:54.667{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2E7C58B4BA9DFD163A12D76ECDC8F88B,SHA256=5FC8B41BAF9AB278B838DC619BB3B97AD11C1B08F822C521BDB7C2B0EBDDB808,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213998Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:54.276{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26E37872CA7D3C8F7D59F6C84E5833D5,SHA256=C6807A317644B294F00025625B0CFE12BE1889CF4C2549AB39D5C3536EF89FCB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239524Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.675{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-55867- 354300x8000000000000000239523Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.649{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51116- 354300x8000000000000000239522Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.649{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53219- 354300x8000000000000000239521Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.649{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58632- 354300x8000000000000000239520Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.649{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55867- 354300x8000000000000000239519Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.648{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53678- 354300x8000000000000000239518Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.645{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51890- 354300x8000000000000000239517Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.553{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local59951-false142.250.185.65fra16s48-in-f1.1e100.net443https 354300x8000000000000000239516Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.508{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56597-false142.250.185.65fra16s48-in-f1.1e100.net443https 354300x8000000000000000239515Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.507{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59950- 354300x8000000000000000239514Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.507{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50211- 354300x8000000000000000239513Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.493{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60286- 23542300x8000000000000000239512Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.687{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\24752MD5=2EF8E35A0DFD09A3516D1AE749F25193,SHA256=89FB05474D6B2F974C5D5522370BF4D407FF312587B33AD11AF42FEAA791D732,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239511Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.676{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239510Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.675{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\indexMD5=2B96100899B0DBFC236DE5BDDF188A3B,SHA256=31CF2EE3EF2689E57A923DBFE305F4B79507B9D7D8BCDC10EE5CE5D9135406A9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239509Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.601{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42A-615E-1001-00000000FD01}6800C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+197d23|C:\Program Files\Mozilla Firefox\xul.dll+819065|C:\Program Files\Mozilla Firefox\xul.dll+8192f5|C:\Program Files\Mozilla Firefox\xul.dll+81797e|C:\Program Files\Mozilla Firefox\xul.dll+817bb0|C:\Program Files\Mozilla Firefox\xul.dll+33c175a|C:\Program Files\Mozilla Firefox\xul.dll+33c1518|C:\Program Files\Mozilla Firefox\xul.dll+33c448e|C:\Program Files\Mozilla Firefox\xul.dll+cfb5e4|C:\Program Files\Mozilla Firefox\xul.dll+1e5a54d|C:\Program Files\Mozilla Firefox\xul.dll+1ae77f|C:\Program Files\Mozilla Firefox\xul.dll+91046c|C:\Program Files\Mozilla Firefox\xul.dll+8d6c51|C:\Program Files\Mozilla Firefox\xul.dll+19876d|C:\Program Files\Mozilla Firefox\xul.dll+914c17|C:\Program Files\Mozilla Firefox\xul.dll+8df324|C:\Program Files\Mozilla Firefox\xul.dll+8e2051 10341000x8000000000000000239508Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.601{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E427-615E-0F01-00000000FD01}6272C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+197d23|C:\Program Files\Mozilla Firefox\xul.dll+819065|C:\Program Files\Mozilla Firefox\xul.dll+8192f5|C:\Program Files\Mozilla Firefox\xul.dll+81797e|C:\Program Files\Mozilla Firefox\xul.dll+817bb0|C:\Program Files\Mozilla Firefox\xul.dll+33c175a|C:\Program Files\Mozilla Firefox\xul.dll+33c1518|C:\Program Files\Mozilla Firefox\xul.dll+33c448e|C:\Program Files\Mozilla Firefox\xul.dll+cfb5e4|C:\Program Files\Mozilla Firefox\xul.dll+1e5a54d|C:\Program Files\Mozilla Firefox\xul.dll+1ae77f|C:\Program Files\Mozilla Firefox\xul.dll+91046c|C:\Program Files\Mozilla Firefox\xul.dll+8d6c51|C:\Program Files\Mozilla Firefox\xul.dll+19876d|C:\Program Files\Mozilla Firefox\xul.dll+914c17|C:\Program Files\Mozilla Firefox\xul.dll+8df324|C:\Program Files\Mozilla Firefox\xul.dll+8e2051 10341000x8000000000000000239507Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.601{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E426-615E-0E01-00000000FD01}5452C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+197d23|C:\Program Files\Mozilla Firefox\xul.dll+819065|C:\Program Files\Mozilla Firefox\xul.dll+8192f5|C:\Program Files\Mozilla Firefox\xul.dll+81797e|C:\Program Files\Mozilla Firefox\xul.dll+817bb0|C:\Program Files\Mozilla Firefox\xul.dll+33c175a|C:\Program Files\Mozilla Firefox\xul.dll+33c1518|C:\Program Files\Mozilla Firefox\xul.dll+33c448e|C:\Program Files\Mozilla Firefox\xul.dll+cfb5e4|C:\Program Files\Mozilla Firefox\xul.dll+1e5a54d|C:\Program Files\Mozilla Firefox\xul.dll+1ae77f|C:\Program Files\Mozilla Firefox\xul.dll+91046c|C:\Program Files\Mozilla Firefox\xul.dll+8d6c51|C:\Program Files\Mozilla Firefox\xul.dll+19876d|C:\Program Files\Mozilla Firefox\xul.dll+914c17|C:\Program Files\Mozilla Firefox\xul.dll+8df324|C:\Program Files\Mozilla Firefox\xul.dll+8e2051 10341000x8000000000000000239506Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.600{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0B01-00000000FD01}5880C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+197d23|C:\Program Files\Mozilla Firefox\xul.dll+819065|C:\Program Files\Mozilla Firefox\xul.dll+8192f5|C:\Program Files\Mozilla Firefox\xul.dll+81797e|C:\Program Files\Mozilla Firefox\xul.dll+817bb0|C:\Program Files\Mozilla Firefox\xul.dll+33c175a|C:\Program Files\Mozilla Firefox\xul.dll+33c1518|C:\Program Files\Mozilla Firefox\xul.dll+33c448e|C:\Program Files\Mozilla Firefox\xul.dll+cfb5e4|C:\Program Files\Mozilla Firefox\xul.dll+1e5a54d|C:\Program Files\Mozilla Firefox\xul.dll+1ae77f|C:\Program Files\Mozilla Firefox\xul.dll+91046c|C:\Program Files\Mozilla Firefox\xul.dll+8d6c51|C:\Program Files\Mozilla Firefox\xul.dll+19876d|C:\Program Files\Mozilla Firefox\xul.dll+914c17|C:\Program Files\Mozilla Firefox\xul.dll+8df324|C:\Program Files\Mozilla Firefox\xul.dll+8e2051 10341000x8000000000000000239505Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.600{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0901-00000000FD01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+197d23|C:\Program Files\Mozilla Firefox\xul.dll+819065|C:\Program Files\Mozilla Firefox\xul.dll+8192f5|C:\Program Files\Mozilla Firefox\xul.dll+81797e|C:\Program Files\Mozilla Firefox\xul.dll+817bb0|C:\Program Files\Mozilla Firefox\xul.dll+33c175a|C:\Program Files\Mozilla Firefox\xul.dll+33c1518|C:\Program Files\Mozilla Firefox\xul.dll+33c448e|C:\Program Files\Mozilla Firefox\xul.dll+cfb5e4|C:\Program Files\Mozilla Firefox\xul.dll+1e5a54d|C:\Program Files\Mozilla Firefox\xul.dll+1ae77f|C:\Program Files\Mozilla Firefox\xul.dll+91046c|C:\Program Files\Mozilla Firefox\xul.dll+8d6c51|C:\Program Files\Mozilla Firefox\xul.dll+19876d|C:\Program Files\Mozilla Firefox\xul.dll+914c17|C:\Program Files\Mozilla Firefox\xul.dll+8df324|C:\Program Files\Mozilla Firefox\xul.dll+8e2051 10341000x8000000000000000239504Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.581{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1500-00000000FD01}1232C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239503Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.579{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1500-00000000FD01}1232C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239502Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.579{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1500-00000000FD01}1232C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239501Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.246{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local53705-false142.250.186.34fra24s04-in-f2.1e100.net443https 354300x8000000000000000239500Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.219{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local53704-false142.250.185.162fra16s51-in-f2.1e100.net443https 354300x8000000000000000239499Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.207{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53703- 354300x8000000000000000239498Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.206{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49242- 23542300x8000000000000000239497Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.327{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F1BAC857135CFEFA52A7A236EEAD4AC,SHA256=D8DA6EDA7908A40B79F4163B96CB11DA13D78680D367CE2D33B79C9D201FD7BC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239496Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.138{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56596-false142.250.186.34fra24s04-in-f2.1e100.net443https 354300x8000000000000000239495Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.125{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56595-false142.250.186.34fra24s04-in-f2.1e100.net443https 354300x8000000000000000239494Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.110{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56594-false54.36.109.155p05.id5-sync.com443https 354300x8000000000000000239493Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.076{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-58178- 354300x8000000000000000239492Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.062{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56593-false142.250.186.34fra24s04-in-f2.1e100.net443https 354300x8000000000000000239491Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.053{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56592-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domain 354300x8000000000000000239490Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.053{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56592-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domain 354300x8000000000000000239489Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.052{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60946- 354300x8000000000000000239488Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.051{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64975-false142.250.184.194fra24s11-in-f2.1e100.net443https 354300x8000000000000000239487Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.051{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64974-false152.199.22.191-443https 354300x8000000000000000239486Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.051{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60261- 354300x8000000000000000239485Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.051{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58361- 354300x8000000000000000239484Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.050{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64973-false151.101.113.108-443https 354300x8000000000000000239483Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.049{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52005- 354300x8000000000000000239482Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.049{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51860- 354300x8000000000000000239481Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.044{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59317- 354300x8000000000000000239480Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.044{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52614- 354300x8000000000000000239479Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.968{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50792- 354300x8000000000000000239478Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.965{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64972-false91.228.74.189-443https 354300x8000000000000000239477Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.962{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55097- 354300x8000000000000000239476Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.954{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60366- 22542200x8000000000000000239475Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.518{6EDEAD03-E420-615E-0601-00000000FD01}6016pagead-googlehosted.l.google.com02a00:1450:4001:802::2001;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239474Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.516{6EDEAD03-E420-615E-0601-00000000FD01}6016pagead-googlehosted.l.google.com0142.250.185.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239473Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.232{6EDEAD03-E420-615E-0601-00000000FD01}6016cs1561.wpc.edgecastcdn.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239472Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.068{6EDEAD03-E420-615E-0601-00000000FD01}6016id5-sync.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239471Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.064{6EDEAD03-E420-615E-0601-00000000FD01}6016id5-sync.com051.89.7.199;51.89.21.8;51.75.146.200;54.36.109.22;51.89.21.30;54.36.109.166;51.89.21.10;51.89.42.86;51.89.20.87;54.36.109.47;51.195.5.232;51.89.21.21;51.75.146.199;51.89.7.110;54.36.109.48;51.89.21.20;51.195.5.234;54.36.109.46;141.95.3.10;51.89.7.205;54.36.109.156;141.95.3.40;51.195.5.38;51.195.5.40;51.89.21.5;51.89.7.198;51.195.5.231;54.36.109.186;51.89.20.86;51.89.7.202;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239470Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.063{6EDEAD03-E420-615E-0601-00000000FD01}6016id5-sync.com0::ffff:54.36.109.155;::ffff:51.89.7.199;::ffff:51.89.21.8;::ffff:51.75.146.200;::ffff:54.36.109.22;::ffff:51.89.21.30;::ffff:54.36.109.166;::ffff:51.89.21.10;::ffff:51.89.42.86;::ffff:51.89.20.87;::ffff:54.36.109.47;::ffff:51.195.5.232;::ffff:51.89.21.21;::ffff:51.75.146.199;::ffff:51.89.7.110;::ffff:54.36.109.48;::ffff:51.89.21.20;::ffff:51.195.5.234;::ffff:54.36.109.46;::ffff:141.95.3.10;::ffff:51.89.7.205;::ffff:54.36.109.156;::ffff:141.95.3.40;::ffff:51.195.5.38;::ffff:51.195.5.40;::ffff:51.89.21.5;::ffff:51.89.7.198;::ffff:51.195.5.231;::ffff:54.36.109.186;::ffff:51.89.20.86;::ffff:51.89.7.202;::ffff:141.95.3.9;::ffff:54.36.109.49;::ffff:54.36.109.183;::ffff:141.95.34.105;::ffff:51.195.5.45;::ffff:51.89.42.88;::ffff:141.95.34.104;::ffff:51.89.21.31;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239469Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.060{6EDEAD03-E420-615E-0601-00000000FD01}6016prod.appnexus.map.fastly.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239468Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.058{6EDEAD03-E420-615E-0601-00000000FD01}6016adservice.google.de0type: 5 pagead46.l.doubleclick.net;::ffff:142.250.184.194;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239467Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.058{6EDEAD03-E420-615E-0601-00000000FD01}6016cs1561.wpc.edgecastcdn.net0152.199.22.191;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239466Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.058{6EDEAD03-E420-615E-0601-00000000FD01}6016prod.appnexus.map.fastly.net0151.101.113.108;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239465Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.057{6EDEAD03-E420-615E-0601-00000000FD01}6016ad-cdn.technoratimedia.com0type: 5 cs1561.wpc.edgecastcdn.net;::ffff:152.199.22.191;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000239464Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.783{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-65274-true2001:503:ba3e:0:0:0:2:30a.root-servers.net53domain 354300x8000000000000000239463Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.750{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local65500-false142.250.186.70fra24s05-in-f6.1e100.net443https 23542300x8000000000000000214000Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:55.292{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4162E8B4C2F16AD6DB7313F97E7F4847,SHA256=513BE4B55BD4F393AFB6CD63D5F71863B6E04334053412DD6971B469E8CAB4BD,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214002Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.726{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50033-false10.0.1.12-8000- 23542300x8000000000000000214001Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:56.292{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=873AE488F8CE73F8C3C66FFAA3A1CBC3,SHA256=497EF37E9DA310A85B257BEDDBACE0F72F8E822A91A11F298B42DC214CB9BDEB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239566Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.883{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000239565Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:28:56.859{6EDEAD03-E1A0-615E-1100-00000000FD01}424C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7bb76-0xe5ea6cc1) 354300x8000000000000000239564Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.654{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49190- 354300x8000000000000000239563Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.653{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53223- 354300x8000000000000000239562Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.652{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58605- 354300x8000000000000000239561Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.584{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-63437-true2001:500:2f:0:0:0:0:f-53domain 10341000x8000000000000000239560Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.730{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239559Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.660{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239558Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.628{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239557Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.626{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239556Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.626{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239555Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.619{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239554Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.614{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239553Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.599{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239552Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.598{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239551Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.596{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-walMD5=0DE4CC0894176B6CBA790AE22CB97E0A,SHA256=E68903C6DE3CA3183708EAF642B2D518101EC9449363D12490FA5D9F253BA584,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239550Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.595{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0B01-00000000FD01}5880C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239549Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.591{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239548Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.586{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=1A7CA23C2356FFBB3140A39610E47B27,SHA256=6FFC846B1E8E795E85F68B1EF13E4EC25C792C436A0186C03105B48DE7CB2406,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239547Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.564{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++managed670.rssing.com\ls\data.sqlite-journalMD5=FEDDD64F036C13362312509B17937D6D,SHA256=DD327A2B7630E2D975FAFE7262879F670EB4ECBD5F2DE9BE4BA824427229A767,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239546Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.453{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local54892-false142.250.184.225fra24s12-in-f1.1e100.net443https 354300x8000000000000000239545Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.377{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56601-false142.250.184.225fra24s12-in-f1.1e100.net443https 354300x8000000000000000239544Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.273{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local54891-false142.250.185.228fra16s53-in-f4.1e100.net443https 354300x8000000000000000239543Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.246{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local54889-false142.250.185.66fra16s48-in-f2.1e100.net443https 23542300x8000000000000000239542Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.529{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++managed670.rssing.com\ls\data.sqlite-journalMD5=80C40CFD0DCF2DECF7C739455357E1A0,SHA256=8F73A1BAD1F7D062F1D49884CF0660A56720F06BCD5E68BCB4A6B76DF5F48E1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239541Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.514{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++managed670.rssing.com\ls\data.sqlite-journalMD5=088402A1445A9BF39684A865FA8A381D,SHA256=91FE7803268CD367C32F3653AF951503FF363B6E7BCB793513DA96F307716D37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239540Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.499{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++managed670.rssing.com\ls\data.sqlite-journalMD5=60A48F0FD96DE8ABAB6D86E6226F44A5,SHA256=FCA998AEE2CA808A5D36E4E746201306C53D0EF5D3EEBEDF890DC96B56163BEE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239539Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.357{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239538Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.348{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8727C8EA24D7BD94DE8737AC3DF4B43,SHA256=DDCECBC6FE77D9978D0455854573B155D8B5515EC88DF8AFB98CA7B861988BB3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239537Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.195{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56600-false142.250.185.228fra16s53-in-f4.1e100.net443https 354300x8000000000000000239536Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.194{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56599-false142.250.185.66fra16s48-in-f2.1e100.net443https 354300x8000000000000000239535Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.194{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53276- 354300x8000000000000000239534Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.193{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56858- 354300x8000000000000000239533Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.193{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60279- 354300x8000000000000000239532Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.192{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56436- 354300x8000000000000000239531Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.188{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58722- 354300x8000000000000000239530Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.187{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51625- 10341000x8000000000000000239529Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.155{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000239528Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.204{6EDEAD03-E420-615E-0601-00000000FD01}6016www.google.com02a00:1450:4001:80f::2004;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239527Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.202{6EDEAD03-E420-615E-0601-00000000FD01}6016www.google.com0142.250.185.228;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239526Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.201{6EDEAD03-E420-615E-0601-00000000FD01}6016www.google.com0::ffff:142.250.185.228;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000239525Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.874{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56598-false142.250.74.194fra24s02-in-f2.1e100.net443https 23542300x8000000000000000214003Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:57.292{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48D7BCA297AD74947BB8BF598772673B,SHA256=B7B7D705FAB25BBAF3AC6021B24458978721F4CBE83412A33EC5219952326C7C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239606Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.707{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local57185-false142.250.184.194fra24s11-in-f2.1e100.net443https 354300x8000000000000000239605Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.701{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-52044- 354300x8000000000000000239604Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.681{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57184- 354300x8000000000000000239603Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.679{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49908- 354300x8000000000000000239602Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.679{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54913- 354300x8000000000000000239601Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.628{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local59754-false142.250.72.35den16s08-in-f3.1e100.net443https 354300x8000000000000000239600Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.570{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56610-false142.250.184.194fra24s11-in-f2.1e100.net443https 354300x8000000000000000239599Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.570{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56609-false172.217.23.98mil04s23-in-f2.1e100.net443https 354300x8000000000000000239598Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.567{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59753- 354300x8000000000000000239597Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.565{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52836- 354300x8000000000000000239596Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.564{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60992- 354300x8000000000000000239595Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.558{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57723- 354300x8000000000000000239594Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.461{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local52904-false173.194.188.103fra16s33-in-f7.1e100.net443https 354300x8000000000000000239593Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.398{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56608-false173.194.188.103fra16s33-in-f7.1e100.net443https 354300x8000000000000000239592Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.385{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52903- 354300x8000000000000000239591Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.384{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50348- 354300x8000000000000000239590Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.380{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56606-false142.250.72.35den16s08-in-f3.1e100.net443https 354300x8000000000000000239589Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.372{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54454- 354300x8000000000000000239588Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.362{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56605-false142.250.72.35den16s08-in-f3.1e100.net443https 354300x8000000000000000239587Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.345{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local53752-false172.217.16.142zrh04s06-in-f142.1e100.net443https 354300x8000000000000000239586Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.305{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56603-false142.250.72.35den16s08-in-f3.1e100.net443https 354300x8000000000000000239585Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.301{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56607-false172.217.16.142zrh04s06-in-f142.1e100.net443https 354300x8000000000000000239584Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.300{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53751- 354300x8000000000000000239583Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.300{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60631- 10341000x8000000000000000239582Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:57.456{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239581Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:57.456{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239580Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:57.456{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239579Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:57.455{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239578Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:57.372{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EC6B4EAA9B273001213F49AE8BADD95,SHA256=370334FA4E1DF143A09C5CD3E79067E01BB15515E0084CC8B6126B2DDDA00306,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239577Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.215{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56604-false142.250.185.162fra16s51-in-f2.1e100.net443https 354300x8000000000000000239576Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.191{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58760- 354300x8000000000000000239575Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.190{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52922- 10341000x8000000000000000239574Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:57.229{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239573Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:57.221{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239572Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:57.221{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239571Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.843{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local59136-false173.194.76.157ws-in-f157.1e100.net443https 354300x8000000000000000239570Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.754{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56602-false173.194.76.157ws-in-f157.1e100.net443https 354300x8000000000000000239569Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.740{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59135- 354300x8000000000000000239568Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.739{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53826- 354300x8000000000000000239567Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.736{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50795- 23542300x8000000000000000214004Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:58.308{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=025F4FC4E478E429E6DCDC5A5B0FB742,SHA256=2E6F076C22388F3F84E5C7388469EEC98D727B6F4842F16D38097E51C2A7F5DD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239618Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.808{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239617Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.399{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=285A1C97C67740EFADB853005F267AD1,SHA256=8F8BD50B488ECAF9854E010EF6860DDD585A81E5C585C5945CD53028CDC81CA5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239616Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.342{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+93f6c9|C:\Program Files\Mozilla Firefox\xul.dll+93f5ea|C:\Program Files\Mozilla Firefox\xul.dll+93f1d9|C:\Program Files\Mozilla Firefox\xul.dll+93b2df|C:\Program Files\Mozilla Firefox\xul.dll+93b5ec|C:\Program Files\Mozilla Firefox\xul.dll+a8e26a|C:\Program Files\Mozilla Firefox\xul.dll+2ced09|C:\Program Files\Mozilla Firefox\xul.dll+2cec14|C:\Program Files\Mozilla Firefox\xul.dll+2ce9fd|C:\Program Files\Mozilla Firefox\xul.dll+2ce894|C:\Program Files\Mozilla Firefox\xul.dll+24fc451|C:\Program Files\Mozilla Firefox\xul.dll+258568e|C:\Program Files\Mozilla Firefox\xul.dll+2e2d477|C:\Program Files\Mozilla Firefox\xul.dll+2e2cf9d|C:\Program Files\Mozilla Firefox\xul.dll+2e3c18e|C:\Program Files\Mozilla Firefox\xul.dll+2e3bd2c|C:\Program Files\Mozilla Firefox\xul.dll+2a64bd0|C:\Program Files\Mozilla Firefox\xul.dll+165c550|C:\Program Files\Mozilla Firefox\xul.dll+162614a|C:\Program Files\Mozilla Firefox\xul.dll+1abd39b 10341000x8000000000000000239615Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.339{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+93f6c9|C:\Program Files\Mozilla Firefox\xul.dll+93f5ea|C:\Program Files\Mozilla Firefox\xul.dll+93f1d9|C:\Program Files\Mozilla Firefox\xul.dll+93b2df|C:\Program Files\Mozilla Firefox\xul.dll+93b5ec|C:\Program Files\Mozilla Firefox\xul.dll+256a551|C:\Program Files\Mozilla Firefox\xul.dll+24fef30|C:\Program Files\Mozilla Firefox\xul.dll+24fde84|C:\Program Files\Mozilla Firefox\xul.dll+24fddb4|C:\Program Files\Mozilla Firefox\xul.dll+2cf0bb|C:\Program Files\Mozilla Firefox\xul.dll+2cec3b|C:\Program Files\Mozilla Firefox\xul.dll+2ce9fd|C:\Program Files\Mozilla Firefox\xul.dll+2ce894|C:\Program Files\Mozilla Firefox\xul.dll+24fc451|C:\Program Files\Mozilla Firefox\xul.dll+258568e|C:\Program Files\Mozilla Firefox\xul.dll+2e2d477|C:\Program Files\Mozilla Firefox\xul.dll+2e2cf9d|C:\Program Files\Mozilla Firefox\xul.dll+2e38c4a|C:\Program Files\Mozilla Firefox\xul.dll+2a608cf|C:\Program Files\Mozilla Firefox\xul.dll+165c550 10341000x8000000000000000239614Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.339{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+93f6c9|C:\Program Files\Mozilla Firefox\xul.dll+93f5ea|C:\Program Files\Mozilla Firefox\xul.dll+93f1d9|C:\Program Files\Mozilla Firefox\xul.dll+93b2df|C:\Program Files\Mozilla Firefox\xul.dll+93b5ec|C:\Program Files\Mozilla Firefox\xul.dll+a8e26a|C:\Program Files\Mozilla Firefox\xul.dll+2ced09|C:\Program Files\Mozilla Firefox\xul.dll+2cec14|C:\Program Files\Mozilla Firefox\xul.dll+2ce9fd|C:\Program Files\Mozilla Firefox\xul.dll+2ce894|C:\Program Files\Mozilla Firefox\xul.dll+24fc451|C:\Program Files\Mozilla Firefox\xul.dll+258568e|C:\Program Files\Mozilla Firefox\xul.dll+2e2d477|C:\Program Files\Mozilla Firefox\xul.dll+2e2cf9d|C:\Program Files\Mozilla Firefox\xul.dll+2e38c4a|C:\Program Files\Mozilla Firefox\xul.dll+2a608cf|C:\Program Files\Mozilla Firefox\xul.dll+165c550|C:\Program Files\Mozilla Firefox\xul.dll+162614a|C:\Program Files\Mozilla Firefox\xul.dll+1abd39b|C:\Program Files\Mozilla Firefox\xul.dll+16e35ae 10341000x8000000000000000239613Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.183{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239612Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.182{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239611Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.180{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239610Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.156{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239609Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.155{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000239608Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.330{6EDEAD03-E420-615E-0601-00000000FD01}6016bandaid-redirector.l.google.com02a00:1450:4001:80e::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239607Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.309{6EDEAD03-E420-615E-0601-00000000FD01}6016bandaid-redirector.l.google.com0172.217.16.142;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000214005Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:59.355{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=027C65C65C032C9AB587E0A966EFC168,SHA256=DE56783605920CC4619C76CC577E1C3A8F6616AAEE43B22254908369AFCB8953,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239621Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:57.385{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-65274-true2001:dc3:0:0:0:0:0:35-53domain 10341000x8000000000000000239620Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:59.363{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239619Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:59.344{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEC75F23EB5332AC27269F6F47D1FBF1,SHA256=A5EA3632E97FDFD7F458B684D523C417DE51791201BEBA4B8ABCB25C10D3B8AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214006Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:00.386{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA9C7AB0DB944A61DEA5E4FCCB577C70,SHA256=E00EE305051C02E8E12336160641E6D875F5BF0B579C59A531D5BF69AC5E91EC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239625Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:59.684{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53062- 354300x8000000000000000239624Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:59.472{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-64053-true2001:500:a8:0:0:0:0:e-53domain 354300x8000000000000000239623Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:59.123{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56611-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000239622Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:00.348{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21BFBF3DBAF1ADAAE105E24D1E2652A1,SHA256=0553DFF7E21D8ACCB6491AEACD96E56179027F1269A05F67C4FC2F0327023035,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214007Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:01.386{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76E56F04556524B76C031D8CF6FD019A,SHA256=FBB280F019511D99566FD547A142F621E5CC67911A477944147999CE6A4C54C8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239634Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:01.964{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239633Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:01.943{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239632Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:00.743{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-59643- 354300x8000000000000000239631Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:00.716{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59643- 354300x8000000000000000239630Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:59.709{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-53062- 10341000x8000000000000000239629Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:01.761{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239628Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:01.761{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239627Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:01.589{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239626Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:01.358{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11797F899F39CFB6C74C5892F6C4725B,SHA256=0224EC1911A0851BF2D54475B6E97B2D6487140803B63F33A48C85DAC051624E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214009Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:58.758{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50034-false10.0.1.12-8000- 23542300x8000000000000000214008Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:02.386{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=050AFAB2CC70E42EA07088E403D6D3F9,SHA256=56C77D54239E83188CA601A3A0A3D5C22688C4583EB665ADAFC274B6B640245D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239645Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.813{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239644Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.773{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239643Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.758{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239642Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.724{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239641Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.715{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239640Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.712{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239639Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.711{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239638Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.711{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0B01-00000000FD01}5880C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239637Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.707{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239636Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.380{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2D65699E63C75D0BE353E1AD0C960C2,SHA256=BFEEF4620C16152FF56CB0F2E5ADCA5391FFE731864383FAC3A423BDBA01CD83,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239635Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.119{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239652Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:03.753{6EDEAD03-E425-615E-0B01-00000000FD01}5880ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41MD5=2BDD77DE8E70D857436A9F994A2CC4DB,SHA256=56ACC140838EA4C6F20A596CC0E0465E4748430105EA83BF8BDDB587F1507B0B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239651Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:03.421{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239650Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:03.393{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFB2845E985C581C8DF08984AB8BE3BA,SHA256=66BE3ED46425ACEC2848DCB0B00A460108EA10DCB5FF25A562A4551E66E4360A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214010Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:03.402{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C436C3EF88F77FBC152243FEFD7B813,SHA256=FFEA1041D314E812C45097BC279A689BBB52F1C74A5B25A4C5438D278FABF5AB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239649Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:03.341{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239648Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:03.262{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239647Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:03.187{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239646Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:03.108{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214011Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:04.402{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09D638771F5A4FF58E5C535E4E4E993F,SHA256=35482DF4F61511A194D8986B927D7126556D03625E636D4B4D65B470C5332861,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239657Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.799{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-63459-true2001:503:c27:0:0:0:2:30-53domain 10341000x8000000000000000239656Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:04.583{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239655Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:04.541{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239654Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:04.408{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA7D99E4D0DA5F65D5CED54708B1A344,SHA256=E191128229AECEC1EDE3C018D2EB7CA453892BFD2A331C69781E32D57BC44798,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239653Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:04.023{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214012Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:05.480{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DDE6A630439BF8E2A0B8055E88230C8,SHA256=6159693F73B5D1AC99227F9D578B46EEE527BA24063BEEBF4F205F9CE8B388DA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239661Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:05.663{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239660Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:05.418{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA45F787736F191AEFCBB8F7D725548F,SHA256=2F046AC3FCFD734975B68706C5DA82986E64612EC4F10197FC40522C3938306C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239659Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:05.393{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239658Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:05.144{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214013Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:06.480{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=938A8520862A83A0B9229AC1A6304E03,SHA256=D6F2E0A953ACDB5ABE519922DE50157400B2A2775FA5D2BF04CFD06F3178A436,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239677Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:04.989{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56612-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000239676Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:04.783{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-49852- 23542300x8000000000000000239675Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.788{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-walMD5=8AA47975DE0C0A2157A9C241BC46241C,SHA256=6E5BDD816F9B714DFD6835E6810BBB4E677D5C8D4229BB9EE22DCE2BFF8DA324,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239674Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.785{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=3C20F079776C738E4865F999EE6DB662,SHA256=CC1AA3FCABE05A0E887E11B6A976731148E1F6D48C095EADE8DB90CCA628D546,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239673Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.774{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++managed670.rssing.com\ls\data.sqlite-journalMD5=C6D21C5BEF16C622F11227AAB69ADC9F,SHA256=4F07ADFEA0DEDC9814DC8B7D25797EF02541DB361F6B3AA1B7592B6AD5DA6FD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239672Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.761{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++managed670.rssing.com\ls\usageMD5=6B8555AB9FDE6310D3E71E01D309780E,SHA256=A22DDCF27E16FA01B790A72347CF89C957FDBE56509D961960FA724B34E256A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239671Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.433{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4235FA55C634C829563BA203813B7AAF,SHA256=2A742833D74776C25C85AEA8455E50D1EE9D75062D5670E5D5F4129B6C793EBD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239670Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.408{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E812-615E-9E01-00000000FD01}6772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239669Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.407{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239668Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.407{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239667Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.406{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239666Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.405{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239665Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.405{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E812-615E-9E01-00000000FD01}6772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000239664Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.405{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E812-615E-9E01-00000000FD01}6772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000239663Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.404{6EDEAD03-E812-615E-9E01-00000000FD01}6772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000239662Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.260{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239697Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.595{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E813-615E-A001-00000000FD01}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239696Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.593{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239695Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.593{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239694Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.593{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239693Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.593{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239692Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.592{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E813-615E-A001-00000000FD01}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000239691Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.592{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E813-615E-A001-00000000FD01}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000239690Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.592{6EDEAD03-E813-615E-A001-00000000FD01}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000239689Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.450{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=62DED66DF81E96854345D15098BECA1C,SHA256=236548F906767CBAC014934A285C068122DCB0992B03F6D74328F6441410A717,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214015Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:03.805{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50035-false10.0.1.12-8000- 23542300x8000000000000000214014Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:07.480{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50D8689A9E2E6B3DF465F376E0542DFB,SHA256=8D657D1652400B5A94C8F53CE9C86ED98D51A41DEBBA0B0207B3D24B34820CC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239688Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.413{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86F5F51439C3197DF55841305043B48F,SHA256=2371B99ED9C773B309502970C4E5558EAA329E5B98FDA611352E97C2A111F0F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239687Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.410{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D1E6C5779364C36B0E239D0991BCD98D,SHA256=D8C498BA54B73BF57663BCD5ACCD0C3397ED101A5A4B7CE24278894650C6A58D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239686Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.393{6EDEAD03-E813-615E-9F01-00000000FD01}4044556C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239685Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.078{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E813-615E-9F01-00000000FD01}404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239684Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.074{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239683Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.074{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239682Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.074{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239681Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.073{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239680Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.073{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E813-615E-9F01-00000000FD01}404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000239679Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.073{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E813-615E-9F01-00000000FD01}404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000239678Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.073{6EDEAD03-E813-615E-9F01-00000000FD01}404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000239708Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:08.743{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=7B039B2B370FEEACDEC7C8471F52CAD2,SHA256=CF4256B883D342774E44A4A27D924C8170B5F3FBB9ADD433222D7E0988E20033,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239707Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:08.740{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=567362C1EFC362F12AEFB11478602CB8,SHA256=BAB3FF1D25B50587C578582FC38A0B033F7E4ECE997C0176D7E5914051030C1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239706Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:08.738{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=3D64ADAD99654576A7FD1541C676AA8C,SHA256=63FD12E2EB82B482B10DFFC9294DDD4497A0D4550446E311835C0E95CB2736BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239705Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:08.734{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=01E821DD24F338840B5CFBE40E316D7E,SHA256=80ED6803A50D147F4D9C218BE4EC84A7FB6CB0DAC1D9B571D4912F14AFC13E34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239704Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:08.733{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=5E6EC0B5671CB202B57B8CD95A703A2D,SHA256=5F86CF323AA3CF1E4CE27C986DB7EDFF70AFB7E1B43B806D80D60F4BD059B0C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239703Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:08.730{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=2442CEFD0BFA52F9EB82514F1011B2CD,SHA256=55F6870EF759E12A0EC032E1409E9F7601D8A1028F5633F54351CE568395D6DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239702Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:08.630{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86F5F51439C3197DF55841305043B48F,SHA256=2371B99ED9C773B309502970C4E5558EAA329E5B98FDA611352E97C2A111F0F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239701Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:08.462{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74A71EDED2CA822D2D670F4430CF4C8F,SHA256=CD1858CDD4EEE8BE37744AC5F8C21EF48A013099593EF42FAC8FA14D44E9BC77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214016Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:08.480{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9DF57B485C8D6B0783F41CF027167AC,SHA256=F89177602C8A9DD6866214CC67B1A1E3691B9ED03185B1B22D9B2B53DF1FE58F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239700Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.626{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56613-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000239699Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.626{6EDEAD03-E1B1-615E-2B00-00000000FD01}2968C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56613-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000239698Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.400{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-63459-true2001:500:2:0:0:0:0:cc.root-servers.net53domain 10341000x8000000000000000239718Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.990{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239717Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.777{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E815-615E-A101-00000000FD01}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239716Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.773{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239715Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.772{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239714Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.772{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239713Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.772{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239712Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.772{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E815-615E-A101-00000000FD01}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000239711Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.772{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E815-615E-A101-00000000FD01}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000239710Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.772{6EDEAD03-E815-615E-A101-00000000FD01}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000239709Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.507{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85F3B9026EC77FF69C6B22A04D5384D3,SHA256=C947217647E8DF2A13E59CE6A19B430FBE00D06F9FDF925564A3ADEA5F78B8B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214017Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:09.480{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B60166063E0B9A00076AECF2F9E9C42E,SHA256=B6AE234693B5EEE852D2F44430FE93D4DFBAE2C5E7A88B8D553D23FCDAFE6B40,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239731Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.939{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E816-615E-A201-00000000FD01}7068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239730Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.931{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239729Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.931{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239728Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.931{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E816-615E-A201-00000000FD01}7068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000239727Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.931{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239726Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.931{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239725Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.930{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E816-615E-A201-00000000FD01}7068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000239724Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.930{6EDEAD03-E816-615E-A201-00000000FD01}7068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000239723Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.790{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7CEEAAF8D1CF38F0FF1988767EA9CF74,SHA256=892BB018849A0DD5542CAF2E10B5941E43B1ABE6AE6F54F0278096F21D3DC503,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239722Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.528{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86241E29D9E33A16129A34199706B845,SHA256=1CD50F2888DC3B3D54BAA95A40934FE9A468CEC882661F309F008838E4A26CB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214018Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:10.480{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C03068D26416B941B4B4C207D156CFFA,SHA256=C0363474F7EB7745C4B2D1E39556FE9A0F1524615693948F680D718D471A537C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239721Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.274{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239720Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.221{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239719Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.133{6EDEAD03-E815-615E-A101-00000000FD01}49044196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239747Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.961{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+ebee38|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 23542300x8000000000000000239746Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.957{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=69913BB0E7E45AD83B91F1E714E632FD,SHA256=85F346DE0BB8BA0C958F7D9F42CD3A004A58EA2798B6A9A2B73F6FE9A3182A04,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239745Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.729{6EDEAD03-E817-615E-A301-00000000FD01}4168312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239744Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.553{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34E02013BBB8562DF37FE626936227A8,SHA256=3510C863779955300F2AF4CCEB988BC30066720682B17EEBF410D75F385483B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214019Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:11.480{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8564C518BCA81622AFC9B3B2375384D4,SHA256=581CAD314EF778DB280A55D8A0588DABD449B456C1CCA68334ACF256F14A8113,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239743Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.462{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E817-615E-A301-00000000FD01}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239742Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.455{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239741Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.455{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239740Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.454{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239739Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.454{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239738Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.454{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E817-615E-A301-00000000FD01}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000239737Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.453{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E817-615E-A301-00000000FD01}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000239736Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.453{6EDEAD03-E817-615E-A301-00000000FD01}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000239735Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.348{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 10341000x8000000000000000239734Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.347{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 10341000x8000000000000000239733Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.346{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 10341000x8000000000000000239732Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.292{6EDEAD03-E816-615E-A201-00000000FD01}70684192C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000214021Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:09.648{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50036-false10.0.1.12-8000- 23542300x8000000000000000214020Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:12.480{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=799DC3018AAD199718BB67F3042F56D2,SHA256=A6BD403CE8E2795575C1838DA270E9CB7DCA5DDBA5B28E41F54C67D4406CFC04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239757Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.607{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A94735C54F2384859AB8BDE7FC616C0,SHA256=3DBDBA155BB2929C6B88F14287B143EE21EE74700F56427BA19FE55D5C31C4D9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239756Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.514{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E818-615E-A401-00000000FD01}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239755Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.508{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239754Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.508{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239753Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.508{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239752Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.505{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239751Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.505{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E818-615E-A401-00000000FD01}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000239750Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.504{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E818-615E-A401-00000000FD01}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000239749Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.504{6EDEAD03-E818-615E-A401-00000000FD01}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000239748Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.091{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56614-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000214022Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:13.480{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2758D22F4CC1F90E2C0AB92F4D51482B,SHA256=01F23D19A962FEFE1BEA8EF88186BC95263DDEFDA93AF96F7F410858446F1FDD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239772Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.937{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3ed70|C:\Program Files\Mozilla Firefox\xul.dll+b3e6ed|C:\Program Files\Mozilla Firefox\xul.dll+b377b4|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573|C:\Program Files\Mozilla Firefox\xul.dll+b1d776 354300x8000000000000000239771Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.368{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52362- 354300x8000000000000000239770Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.365{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54963- 354300x8000000000000000239769Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.365{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57807- 354300x8000000000000000239768Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.364{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57790- 23542300x8000000000000000239767Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.615{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=67C0051FF4CDB03B3B06EBD229C38295,SHA256=6839EFB68B64DE6E0CF28EC8227AAC34BE8AFAC149B96BA4A936A959852E23BF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239766Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.590{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239765Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.589{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239764Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.588{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239763Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.588{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239762Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.588{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239761Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.587{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239760Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.511{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7D46066A4B459276732667E4CA24EEC8,SHA256=AFF4916CE26F9828EBD0FF3C3A6D8ED0451964A7C03F849E4D1FD5987D878E5D,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000239759Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.372{6EDEAD03-E420-615E-0601-00000000FD01}6016github.com0::ffff:140.82.121.3;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000239758Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.217{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\protections.sqlite-journalMD5=396F43EFE0E3FCFBF37149D3FD44DDEF,SHA256=CBC92174D66F920B4B9551181905019D7F22CD8B5DA90C6A2F9DA0694ABB044C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239789Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.625{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD517440FBE9A40F87C49769B87071F9,SHA256=4239BBC3357DE7E8967AFC37AF5374FAED0C97678E3A833501763644DAAEBE7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214023Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:14.481{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=700704A32D17F4C1A2BF143BB655CBB9,SHA256=943D5244D18540B48B4F1EBD7056E65574D9A9CC4C307154B54350DCF09AB5E4,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000239788Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.133{6EDEAD03-E420-615E-0601-00000000FD01}6016github.githubassets.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239787Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.129{6EDEAD03-E420-615E-0601-00000000FD01}6016github.githubassets.com0185.199.111.154;185.199.108.154;185.199.109.154;185.199.110.154;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239786Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.120{6EDEAD03-E420-615E-0601-00000000FD01}6016github.githubassets.com0::ffff:185.199.110.154;::ffff:185.199.111.154;::ffff:185.199.108.154;::ffff:185.199.109.154;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239785Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.375{6EDEAD03-E420-615E-0601-00000000FD01}6016github.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239784Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.374{6EDEAD03-E420-615E-0601-00000000FD01}6016github.com0140.82.121.3;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000239783Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.139{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56622-false185.199.110.154cdn-185-199-110-154.github.com443https 354300x8000000000000000239782Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.124{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56620-false185.199.110.154cdn-185-199-110-154.github.com443https 354300x8000000000000000239781Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.124{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56618-false185.199.110.154cdn-185-199-110-154.github.com443https 354300x8000000000000000239780Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.124{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56621-false185.199.110.154cdn-185-199-110-154.github.com443https 354300x8000000000000000239779Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.124{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56619-false185.199.110.154cdn-185-199-110-154.github.com443https 354300x8000000000000000239778Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.120{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56617-false185.199.110.154cdn-185-199-110-154.github.com443https 354300x8000000000000000239777Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.112{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60166- 23542300x8000000000000000239776Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.310{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=49F1AE5458DA67004D173DCB7FA92932,SHA256=241CBD003727A9B348B50C75E1A67BF2702A855DD6DB90627BAB4601460BAB31,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239775Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.968{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56616-false104.75.88.126a104-75-88-126.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239774Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.368{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56615-false140.82.121.3lb-140-82-121-3-fra.github.com443https 10341000x8000000000000000239773Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.010{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 23542300x8000000000000000239801Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:15.636{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE672E832C72A47427022B3E5B4C3780,SHA256=95FCCE3AA2E1D748DA64A8EF0019070918646D94063FD0A03C2E9E1BAAC948CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214024Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:15.481{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2951EE46C4D5877BE5478A307F67C265,SHA256=0E7A18B83F15ECD815F0DCF08B8B955EC3860FA73DB31CCB0F6A7C48AFFBC033,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000239800Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.926{6EDEAD03-E420-615E-0601-00000000FD01}6016api.github.com0140.82.121.5;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239799Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.924{6EDEAD03-E420-615E-0601-00000000FD01}6016api.github.com0::ffff:140.82.121.5;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239798Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.830{6EDEAD03-E420-615E-0601-00000000FD01}6016analytics-collector-28944298.us-east-1.elb.amazonaws.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239797Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.820{6EDEAD03-E420-615E-0601-00000000FD01}6016analytics-collector-28944298.us-east-1.elb.amazonaws.com023.21.66.55;34.230.149.116;54.84.193.129;54.209.192.22;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239796Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.819{6EDEAD03-E420-615E-0601-00000000FD01}6016collector.githubapp.com0type: 5 analytics-collector-28944298.us-east-1.elb.amazonaws.com;::ffff:54.209.192.22;::ffff:23.21.66.55;::ffff:34.230.149.116;::ffff:54.84.193.129;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000239795Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.918{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56624-false140.82.121.5lb-140-82-121-5-fra.github.com443https 354300x8000000000000000239794Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.897{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56623-false54.209.192.22ec2-54-209-192-22.compute-1.amazonaws.com443https 354300x8000000000000000239793Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.842{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50502- 354300x8000000000000000239792Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.812{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58957- 354300x8000000000000000239791Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.811{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53105- 354300x8000000000000000239790Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.800{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60611- 23542300x8000000000000000214025Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:16.481{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C50315F99E276041D70CF290CDEFB26C,SHA256=E28B95740029D4E7D2656B3BFCE981DBA9A8B164298FF52F8DB0ACFD7F5D7499,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239808Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:16.644{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F70A602394160A331BEC2EEC4F66C76,SHA256=837966A8A6D46AAE6EB155F2782A2522909216C14025E8A428C4D91303A22DC7,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000239807Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.070{6EDEAD03-E420-615E-0601-00000000FD01}6016avatars.githubusercontent.com02606:50c0:8000::154;2606:50c0:8001::154;2606:50c0:8002::154;2606:50c0:8003::154;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239806Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.067{6EDEAD03-E420-615E-0601-00000000FD01}6016avatars.githubusercontent.com0185.199.109.133;185.199.110.133;185.199.111.133;185.199.108.133;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239805Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.064{6EDEAD03-E420-615E-0601-00000000FD01}6016avatars.githubusercontent.com0::ffff:185.199.108.133;::ffff:185.199.109.133;::ffff:185.199.110.133;::ffff:185.199.111.133;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239804Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.930{6EDEAD03-E420-615E-0601-00000000FD01}6016api.github.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000239803Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.057{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55297- 354300x8000000000000000239802Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.053{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56202- 23542300x8000000000000000214027Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:17.484{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06EDD2ACAD491EB9533F721A150ED9D3,SHA256=272CBBEDB0927B3785AF23E0208796E710A77780C2F826655C10AA02C4551555,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239812Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:17.656{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29213CCC7E44CB5712B844CCD0E52D60,SHA256=6C4E41853D94E78F7D1E2BE1CF1EC49EDF4E92B4BB30D2834FCFC708FFC32AA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214026Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:17.205{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211007120136-026MD5=9D4F391515175B78F973C8B5B774DE70,SHA256=E6B13D39A78F2A37A848863A5E3913D5FD4B55347F92E521523460DA93139266,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239811Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.858{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60904- 354300x8000000000000000239810Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.858{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51077- 354300x8000000000000000239809Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.058{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56625-false185.199.108.133cdn-185-199-108-133.github.com443https 23542300x8000000000000000239820Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:18.788{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-walMD5=F9B0549A77E2BCC936B125DDF445B378,SHA256=78B44CD90E102CCBB41C5453CFC9BFBF6A720D0A123219327CEBD51F70519404,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239819Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:18.786{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=0EF804B5FBE80BE540112726E7296FF3,SHA256=8BE79BF611C4195F305F273C0A8EB4C154AD78E021DBDAB570F0C05658D6AB05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239818Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:18.779{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++github.com\ls\data.sqlite-journalMD5=CC8A3AA4DA2474C654EBFE798224362B,SHA256=E58C89197E31012068E3E5F530D80988E9395F12B373DDF534AE5D440C467EBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239817Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:18.755{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++github.com\ls\data.sqlite-journalMD5=1B26B2E832DEC45105D2C90005FD2C07,SHA256=7AD891A622BC11F458F14C06BC0A781DD417B64DBA792E83ABFFA6088B70F7F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239816Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:18.745{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++github.com\ls\data.sqlite-journalMD5=81E0064E51525D0EE4B09FD2F22867D5,SHA256=A6CDB5706C5B050C83D273A551C28CDE799CB7E27C6CC3243D21F0D66CB9C559,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239815Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:18.737{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++github.com\ls\data.sqlite-journalMD5=050D975E55D2B2A96E9520DC8CA834AC,SHA256=09CF1504B06AD9C93243397FB6E45181B3ACD99345D29FBBB6764E3C634EF18B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239814Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:18.662{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=624EE6F4FC9164D690E8105E6E160D69,SHA256=FEBE9E72B87BFC2051DB06A059FB6F5566C0D4FCCD3CDE2EC6C5EA8A0EB59906,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214030Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:18.498{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63EA1D294A4F21E9C3C0C530F07EB384,SHA256=0634A33A6C5D0C227FCE3AAF35C639A13F6BDAAD1FAF3EC8686439055E08023C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214029Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:18.204{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211007120134-027MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214028Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:14.758{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50037-false10.0.1.12-8000- 354300x8000000000000000239813Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:15.141{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56626-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000239822Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:19.669{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0D3729408650DE21CACE472DE5CC8AF,SHA256=5B1CA89F64BAA271277E01E44DAD620591F5A6CD96D61EDAC87152644BC2C6EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214031Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:19.500{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A35D4B362DECB786B4728FA1704EAF55,SHA256=F7369DFBB08C04B53D586003E90B5F36CEE6C4DB69B04BCDB67B24EDEADA3CB2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239821Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:16.886{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60794- 23542300x8000000000000000214032Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:20.500{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B26F00560D1C0CE51596A18C82FE468,SHA256=8DA527117C59C56D347F9F947D68BDA61C8152AEDBDC2D1F86FBAAE0973F66AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239823Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:20.673{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4DE7692B7E7C5373F764B93867972AE9,SHA256=E98BF0262429D735005B8491915669B73B5BC509C6FE178F47ABF64D35F8E3C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214033Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:21.500{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3005E42242B05EF911131548421E4E44,SHA256=C4B863A07371FE2C72E8CBCDBA08C6576ACFA3B00BD27DABFFFDCA81582CBAA1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239837Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.856{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239836Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.855{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239835Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.760{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239834Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.760{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239833Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.697{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E022E0C86398D10C2791D0A9CA65E03,SHA256=02D0934B505A9222AD02043B7DCA08111F67EACD5E6ADD12CB66EF9D246B2729,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239832Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.564{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239831Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.563{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239830Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.548{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239829Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.384{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239828Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.379{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 10341000x8000000000000000239827Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.379{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 10341000x8000000000000000239826Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.067{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+f1b414|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2 10341000x8000000000000000239825Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.066{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+f1b414|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2 10341000x8000000000000000239824Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.045{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 23542300x8000000000000000239838Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:22.719{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F67F995329D811C1B283FAF29B96F1F,SHA256=7B54E82A97F5EA5F2074915F74A8FA5614F03C6F16EAD0AB3373D0327B5C5F90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214034Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:22.516{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AFC9E67353CA0B6C68DEB7A2DAB19EC,SHA256=FFE561C40B48D7CD32EDD9356A2978E6C2E56DF93DAAE00829A27704A6A6440A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239841Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:23.724{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2689926F2F672441D430BEB0ED3654CB,SHA256=207D6E645677649F86031462FD256E9B57889BB88F1779ED110AAF5434354D5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214036Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:23.516{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF8846FE97996D9DCBA1945EA34B7277,SHA256=B6707A8395531E0E66A96D2D928BB322C19CBECB56E7D2C4FA51CF7F64333D2B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239840Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.042{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56627-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000239839Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:20.975{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57680- 354300x8000000000000000214035Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:19.762{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50038-false10.0.1.12-8000- 23542300x8000000000000000239842Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:24.728{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F96896AF38DF501F0F82F7A557E9B138,SHA256=0993B9A83DE620DCA75AB550BD991B2C96966F45AC0A1ECACA6B8BBC79FDB5FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214037Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:24.516{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D8E4A6BB5AF0DCBE99D60816F9B8ECD,SHA256=BB01BB27D1BB576726DF65A352FDAF9FE0172B5ACA270BE4A0F4E26DCA87A8CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239843Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:25.736{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05B59154134445F7F5368246D0EE70A6,SHA256=E7544FC5B029BF52EA63E75A379839B976148E5DB304FF5D1A00499298F6F870,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214038Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:25.516{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=095EAFBB91937D98FC86E1DC350DE9DE,SHA256=E451B61275199BC3B27E79A9A431515B88E30A26756379BB9F6A17B82EFDC132,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239844Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:26.743{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9124459459AF82981FD1311AF37A20A,SHA256=8A247418267C20181E98A3B1CC7F72AA3EFDFED367C86F6173AEC87E847B2366,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214039Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:26.516{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB7A3EEAA84B059A5C999566E6418A55,SHA256=124A3EFFBC7A4DAE9F886B63006DF9F644DA033EE05C7BDF498A64D21D13102B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239846Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:27.744{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52DA645F66115A2A38FB1386C083D0EE,SHA256=7FE569662056B04DCC1A33117EF88BE0A77928B13874CA107831D57BC2151663,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214040Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:27.516{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=940565B46EE817BD110A0FC2C0AA0B5A,SHA256=4DD6DEA56C7018AE776F493FEF32AE7A0FE55263D5DCB25177DA64929FD20857,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239845Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:27.684{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921424C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-0F00-00000000FD01}304C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239851Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:28.749{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0ABF131B86E9E53A064189209C9B663F,SHA256=A661DB96043A75E18A9858D182933BEDBDCD32F98FF2427B84CBE7566DCC806E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214041Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:28.532{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=127AEA106145265B1E16ABCDF385AA14,SHA256=FDB19F3BC682826719A29B8A932996220FC2F8B6DB6F19FAF60910732BC2E2CB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239850Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:28.705{6EDEAD03-E412-615E-EE00-00000000FD01}49645072C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+55a10|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF8018E0DB8A8)|UNKNOWN(FFFFFC203A2A5B48)|UNKNOWN(FFFFFC203A2A5CC7)|UNKNOWN(FFFFFC203A2A0351)|UNKNOWN(FFFFFC203A2A1D1A)|UNKNOWN(FFFFFC203A29FFD6)|UNKNOWN(FFFFF8018DDF3103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5927b|C:\Windows\System32\SHELL32.dll+dac2a|C:\Windows\System32\SHCORE.dll+33fad 10341000x8000000000000000239849Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:28.705{6EDEAD03-E412-615E-EE00-00000000FD01}49645072C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+554f1|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF8018E0DB8A8)|UNKNOWN(FFFFFC203A2A5B48)|UNKNOWN(FFFFFC203A2A5CC7)|UNKNOWN(FFFFFC203A2A0351)|UNKNOWN(FFFFFC203A2A1D1A)|UNKNOWN(FFFFFC203A29FFD6)|UNKNOWN(FFFFF8018DDF3103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5927b|C:\Windows\System32\SHELL32.dll+dac2a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239848Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:28.705{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF199fe0.TMPMD5=C58952CF47A40E878145002B738FDDA8,SHA256=5246515B04772B58453EE8E8C5C9C6E9F2B2DADF381EDC92D5E1CAA1130C1630,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239847Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:28.693{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3e7fb|C:\Program Files\Mozilla Firefox\xul.dll+b375e2|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573|C:\Program Files\Mozilla Firefox\xul.dll+b1d776|C:\Program Files\Mozilla Firefox\xul.dll+b2400b 23542300x8000000000000000239857Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:29.755{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1A1A1769186E565E9C8997C5832B89F,SHA256=42A401FB8E94C68AEF3845482E4FF1D9A97402BD6D13B668AD9F112E187094EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214043Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:29.532{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB7BCB728EED3D4FD53FABF19A70073B,SHA256=84EB6F5F6A2B0DFECD7D64D8A29A62AE2381BA0C3B69DB9F810A32A762D0B57E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239856Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:26.917{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56628-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000239855Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:29.358{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921424C:\Windows\system32\svchost.exe{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239854Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:29.358{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921424C:\Windows\system32\svchost.exe{6EDEAD03-E410-615E-E300-00000000FD01}4332C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239853Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:29.358{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921424C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-0C00-00000000FD01}836C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239852Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:29.358{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921424C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1100-00000000FD01}424C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000214042Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:25.653{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50039-false10.0.1.12-8000- 23542300x8000000000000000239858Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:30.756{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32636CD2A4034846DD2A6BF482BDA28B,SHA256=4AB6E509DFADE016DE05F0CA7A358CD5A3D1CA25DAA1A0C65D6DF604BF1B7686,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214044Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:30.532{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76C4FB0D247EA443576B98A2C22E602D,SHA256=86EF48CA6E52640441D5302E4F645794284A37E797E9F72898CFADC65D664695,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239862Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.761{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98F532EEFBFF5E2C700596793F8A9CA3,SHA256=0E9A291DA6B47AD743B2358EE8FAC0DB8FACE4A718D8A7D12BC0C61E95FACA01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214045Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:31.532{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CADF30A8E0911C84A12C73F868D892E3,SHA256=B1B67E8821E2AB42D876E7303EFB52C930127C29D7B92DCF1119FBD068661C7B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239861Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.661{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+ebee38|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 10341000x8000000000000000239860Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.300{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+f26720|C:\Program Files\Mozilla Firefox\xul.dll+f17b9b|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562 10341000x8000000000000000239859Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.232{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+f1b414|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2 23542300x8000000000000000239870Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.980{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\3619119340leogcaarlof.sqlite-journalMD5=2A3B00A4BA97DEB93EFFCD9FDA010E9A,SHA256=AFA98DD1F614BEFC1991E4104E5C86A188BAAA4B2410B6662C46B105C9E0FC20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239869Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.972{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\3619119340leogcaarlof.sqlite-journalMD5=2F7717E2796DF675ACDC2A5A793F6549,SHA256=A9A4BE8DF183D06881588E55057BA3DA637955B7348C88102CCDF4823662EE3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239868Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.769{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD415E4DFF279497F2DC59563D526885,SHA256=8760CC43FAE52167689260C76BF8048E8C312AAA5E59A10021C5B5A9B6E13603,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214046Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:32.532{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCEAF3D3F6365F7385EBE1D58EA8801A,SHA256=14F669F57AE6EB571700011E2BD2891CE5E87C3DCC2662398BF42B12700DD285,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239867Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.511{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000239866Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:29:32.330{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.16.100499062C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000239865Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:29:32.330{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.15.38966820C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000239864Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.310{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0B01-00000000FD01}5880C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d94757|C:\Program Files\Mozilla Firefox\xul.dll+7e80d9|C:\Program Files\Mozilla Firefox\xul.dll+7dbef1|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239863Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.298{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0901-00000000FD01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d8f0d9|C:\Program Files\Mozilla Firefox\xul.dll+d7e4e7|C:\Program Files\Mozilla Firefox\xul.dll+3ea8a86|C:\Program Files\Mozilla Firefox\xul.dll+21dc6d0|C:\Program Files\Mozilla Firefox\xul.dll+911a3c|C:\Program Files\Mozilla Firefox\xul.dll+8d6c51|C:\Program Files\Mozilla Firefox\xul.dll+19876d|C:\Program Files\Mozilla Firefox\xul.dll+914c17|C:\Program Files\Mozilla Firefox\xul.dll+8df324|C:\Program Files\Mozilla Firefox\xul.dll+8e2051|C:\Program Files\Mozilla Firefox\xul.dll+8e0e2e|C:\Program Files\Mozilla Firefox\xul.dll+8e018e|C:\Program Files\Mozilla Firefox\xul.dll+8ea0a7|C:\Program Files\Mozilla Firefox\xul.dll+8302aa|C:\Program Files\Mozilla Firefox\xul.dll+7ce177|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e 23542300x8000000000000000239894Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.787{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=028B5A23AF77F428208A5B36FB9C14AB,SHA256=71E23112DBFEC65215D9BF7DBD48AE6D235637791114B0EF766796BA5A7BABAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214047Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:33.532{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C733C1A190EAC9C5D828DA8D6F58C114,SHA256=7987E409D2304F471366A65763D9C0E2BF0BF6AFE31FA4FC99C21762EE7322BE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239893Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.412{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56634-false152.199.21.141-443https 354300x8000000000000000239892Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.403{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56632-false152.199.21.141-443https 10341000x8000000000000000239891Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.636{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239890Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.632{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3ed70|C:\Program Files\Mozilla Firefox\xul.dll+2655c0b|C:\Program Files\Mozilla Firefox\xul.dll+2648cf6|C:\Program Files\Mozilla Firefox\xul.dll+b382c0|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573 10341000x8000000000000000239889Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.612{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3ed70|C:\Program Files\Mozilla Firefox\xul.dll+b3e6ed|C:\Program Files\Mozilla Firefox\xul.dll+b37716|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573|C:\Program Files\Mozilla Firefox\xul.dll+b1d776 10341000x8000000000000000239888Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.608{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0901-00000000FD01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e03230|C:\Program Files\Mozilla Firefox\xul.dll+2e1cdda|C:\Program Files\Mozilla Firefox\xul.dll+2dfc569|C:\Program Files\Mozilla Firefox\xul.dll+2dfc285|C:\Program Files\Mozilla Firefox\xul.dll+2dfff2b|C:\Program Files\Mozilla Firefox\xul.dll+2e17fad|C:\Program Files\Mozilla Firefox\xul.dll+2e24278|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80 354300x8000000000000000239887Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.374{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56631-false152.199.21.141-443https 354300x8000000000000000239886Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.373{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50624- 354300x8000000000000000239885Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.984{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56630-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000239884Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.980{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56629-false104.244.42.129-443https 354300x8000000000000000239883Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.958{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51534- 354300x8000000000000000239882Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.954{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55955- 23542300x8000000000000000239881Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.444{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\cache\caches.sqlite-journalMD5=1381C7533AC2D155DE2C684AC0AFBFF7,SHA256=8AACD1AF9C228812DAD9EE1856D6B8B39DFBF783E4F89590D955CE9C1E58E76D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239880Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.432{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\cache\caches.sqlite-journalMD5=391028B9971558CE275147C8CA325383,SHA256=708899B40F5B6AD273BFB76071F91E9DC3848E99A17C0599307325BC9C5FE6B5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239879Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.289{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239878Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.288{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239877Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.287{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239876Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.287{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239875Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.276{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E425-615E-0901-00000000FD01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239874Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.036{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239873Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.036{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239872Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.008{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\3619119340leogcaarlof.sqlite-walMD5=32561EE994E6CD4EF0DEAB49FA88159C,SHA256=00A2FD3D2D67C404F241980504A4F528668EA8B6355756A00DF938B4E613E557,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239871Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.000{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\3619119340leogcaarlof.sqlite-shmMD5=CFCF329E8B51B908B33B188E4EA60550,SHA256=8D8359A50E43404388E30FC1DCEA99633C6CC281CF42E1CDB432B1FD30D7756A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239918Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.740{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56639-false142.250.186.78fra24s05-in-f14.1e100.net443https 354300x8000000000000000239917Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.712{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-65456-true2001:500:12:0:0:0:0:d0dG.ROOT-SERVERS.NET53domain 23542300x8000000000000000239916Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.830{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B186972717B0A71E36558282289CBC4D,SHA256=196598D4ACD52631BEC8D4E85B6C64CB66E09644B0533F7736748A69A5C491C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214049Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:34.532{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72701CF676991A2C90443917799333FA,SHA256=00E442766BA39522659330A34537AC5AD924D31067BDC8716C4BF6929247EBCB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239915Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.522{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239914Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.266{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-53971- 354300x8000000000000000239913Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.266{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-52410- 354300x8000000000000000239912Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.239{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52410- 354300x8000000000000000239911Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.231{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56637-false104.244.42.130-443https 354300x8000000000000000239910Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.229{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56638-false104.244.42.130-443https 354300x8000000000000000239909Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.202{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61457- 354300x8000000000000000239908Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.154{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56636-false192.229.233.50-443https 354300x8000000000000000239907Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.153{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53574- 354300x8000000000000000239906Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.150{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53693- 10341000x8000000000000000239905Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.087{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+93f6c9|C:\Program Files\Mozilla Firefox\xul.dll+93f5ea|C:\Program Files\Mozilla Firefox\xul.dll+93f1d9|C:\Program Files\Mozilla Firefox\xul.dll+93b2df|C:\Program Files\Mozilla Firefox\xul.dll+93b5ec|C:\Program Files\Mozilla Firefox\xul.dll+accd49|C:\Program Files\Mozilla Firefox\xul.dll+aea1fa|C:\Program Files\Mozilla Firefox\xul.dll+a84ae9|C:\Program Files\Mozilla Firefox\xul.dll+aceff0|C:\Program Files\Mozilla Firefox\xul.dll+19834cf|C:\Program Files\Mozilla Firefox\xul.dll+198cf35|C:\Program Files\Mozilla Firefox\xul.dll+25aebfa|C:\Program Files\Mozilla Firefox\xul.dll+25c3a74|C:\Program Files\Mozilla Firefox\xul.dll+25ae57e|C:\Program Files\Mozilla Firefox\xul.dll+188b5ca|C:\Program Files\Mozilla Firefox\xul.dll+18888fd|C:\Program Files\Mozilla Firefox\xul.dll+1884327|C:\Program Files\Mozilla Firefox\xul.dll+1a8f46e|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+f2161d 22542200x8000000000000000239904Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.223{6EDEAD03-E420-615E-0601-00000000FD01}6016tpop-api.twitter.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239903Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.218{6EDEAD03-E420-615E-0601-00000000FD01}6016tpop-api.twitter.com0104.244.42.2;104.244.42.66;104.244.42.194;104.244.42.130;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239902Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.217{6EDEAD03-E420-615E-0601-00000000FD01}6016api.twitter.com0type: 5 tpop-api.twitter.com;::ffff:104.244.42.130;::ffff:104.244.42.2;::ffff:104.244.42.66;::ffff:104.244.42.194;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239901Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.164{6EDEAD03-E420-615E-0601-00000000FD01}6016cs672.wac.edgecastcdn.net02606:2800:134:fa2:1627:1fe:edb:1665;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239900Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.163{6EDEAD03-E420-615E-0601-00000000FD01}6016cs672.wac.edgecastcdn.net0192.229.233.50;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239899Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.386{6EDEAD03-E420-615E-0601-00000000FD01}6016cs510.wpc.edgecastcdn.net02606:2800:233:8173:898f:63b3:95c3:79d2;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239898Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.384{6EDEAD03-E420-615E-0601-00000000FD01}6016cs510.wpc.edgecastcdn.net0152.199.21.141;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239897Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.969{6EDEAD03-E420-615E-0601-00000000FD01}6016twitter.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239896Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.966{6EDEAD03-E420-615E-0601-00000000FD01}6016twitter.com0104.244.42.65;104.244.42.129;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239895Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.965{6EDEAD03-E420-615E-0601-00000000FD01}6016twitter.com0::ffff:104.244.42.129;::ffff:104.244.42.65;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000214048Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:30.715{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50040-false10.0.1.12-8000- 10341000x8000000000000000239951Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.909{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239950Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.907{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239949Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.886{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239948Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.849{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239947Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.847{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239946Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.846{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214051Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:35.532{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AB014D71D4ADC202DA1E41FAFCD4F6D,SHA256=0E71C4072558E7CFA124F77F860A6E05C8D609F548AFB6AF9EB2571C2CCBDCA3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239945Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.824{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239944Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.824{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239943Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.823{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239942Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.800{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239941Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.800{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239940Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.770{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239939Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.514{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211007120155-026MD5=CF99E2CB113D8D2DCF43ED5FD96B633A,SHA256=1FA348E6AF774F9DE3BF8065B0725E0F0BD5741AF42D4AB3E9893B22D98D3DA4,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239938Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.376{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local57328-false142.250.185.109fra16s49-in-f13.1e100.net443https 354300x8000000000000000239937Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.325{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56643-false104.111.230.79a104-111-230-79.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239936Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.308{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57327- 354300x8000000000000000239935Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.297{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-54463- 354300x8000000000000000239934Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.269{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-50291- 354300x8000000000000000239933Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.264{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56642-false142.250.185.109fra16s49-in-f13.1e100.net443https 354300x8000000000000000239932Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.262{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58741- 354300x8000000000000000239931Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.258{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54463- 354300x8000000000000000239930Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.257{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54906- 354300x8000000000000000239929Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.242{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50291- 354300x8000000000000000239928Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.027{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56641-false192.229.233.50-443https 10341000x8000000000000000239927Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.493{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239926Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.492{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239925Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.489{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239924Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.487{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239923Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.421{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239922Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.956{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56640-false104.244.43.131-443https 354300x8000000000000000239921Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.955{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52230- 354300x8000000000000000239920Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.955{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53757- 10341000x8000000000000000239919Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.202{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214050Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:35.048{49C67628-E19D-615E-1200-00000000FE01}980NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=B117169C9EF91E986735952D3B7B76FB,SHA256=B52D78BBB98438AEE50997E66F165CA5F5FD46FBE0568470F1CF4BD31C33DA5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214052Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:36.532{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2ADCB854AC229498809BCD6C97E77C59,SHA256=2BA25B6C47F675F5BACB40AEDFF0DE5B5C4131808A4712A7468A3F5C4A2E00AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239988Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.509{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211007120153-027MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239987Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.259{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54344- 354300x8000000000000000239986Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.164{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56644-false104.244.42.129-443https 10341000x8000000000000000239985Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.323{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239984Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.297{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239983Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.296{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239982Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.288{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239981Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.288{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239980Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.288{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239979Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.286{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239978Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.270{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB016E8A6713373A6AA412B4D6D45086,SHA256=485524B0C30BF60E0F06CA0E00CA6E1C7CC2C097090D0AEC7FE234355E2EF0D6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239977Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.267{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239976Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.261{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239975Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.259{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239974Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.258{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239973Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.258{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239972Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.258{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239971Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.089{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239970Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.072{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239969Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.070{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239968Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.069{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239967Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.069{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239966Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.059{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239965Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.059{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239964Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.059{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239963Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.059{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000239962Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.274{6EDEAD03-E420-615E-0601-00000000FD01}6016accounts.google.com02a00:1450:4001:80f::200d;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239961Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.271{6EDEAD03-E420-615E-0601-00000000FD01}6016accounts.google.com0142.250.185.109;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239960Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.270{6EDEAD03-E420-615E-0601-00000000FD01}6016accounts.google.com0::ffff:142.250.185.109;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000239959Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.046{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239958Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.046{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239957Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.040{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239956Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.040{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239955Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.019{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239954Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.019{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239953Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.007{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239952Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.007{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214053Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:37.548{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8F184265D23796510011898D4E7A04E,SHA256=0F9D6CACF6048A9C132B66A17D96D704489126B79F27FB8429931701DC111713,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240014Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:37.796{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000240013Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.261{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55033- 354300x8000000000000000240012Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.141{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-57701- 354300x8000000000000000240011Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.117{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56650-false68.232.34.217-443https 354300x8000000000000000240010Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.117{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56652-false68.232.34.217-443https 354300x8000000000000000240009Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.117{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56651-false68.232.34.217-443https 354300x8000000000000000240008Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.116{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56649-false68.232.34.217-443https 354300x8000000000000000240007Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.116{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57701- 354300x8000000000000000240006Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.115{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55119- 354300x8000000000000000240005Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.054{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local65499-false142.250.186.99fra24s06-in-f3.1e100.net443https 354300x8000000000000000240004Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.028{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56647-false142.250.186.99fra24s06-in-f3.1e100.net443https 354300x8000000000000000240003Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.028{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56648-false142.250.186.99fra24s06-in-f3.1e100.net443https 354300x8000000000000000240002Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.023{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59326- 23542300x8000000000000000240001Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:37.291{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=184CDE978FC2D9E7C204C9F22A1A2715,SHA256=579CF9C031A136ADA34A6229591D08AD21CF52C66E43D62FDE92E0FC70E7EEED,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240000Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.951{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local56855-false142.250.185.67fra16s48-in-f3.1e100.net443https 354300x8000000000000000239999Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.925{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56646-false142.250.185.67fra16s48-in-f3.1e100.net443https 354300x8000000000000000239998Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.925{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56645-false142.250.185.67fra16s48-in-f3.1e100.net443https 354300x8000000000000000239997Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.924{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56854- 354300x8000000000000000239996Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.923{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52564- 354300x8000000000000000239995Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.921{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61160- 23542300x8000000000000000239994Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:37.127{6EDEAD03-E1A0-615E-1000-00000000FD01}372NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=007AEDD696B34CB4FB64655ADA6F3F29,SHA256=EB6147ED52755E379551775271813F3489FDB9509C130F812F4C9A608DE06F49,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000239993Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.320{6EDEAD03-E420-615E-0601-00000000FD01}6016e2885.e9.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239992Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.317{6EDEAD03-E420-615E-0601-00000000FD01}6016e2885.e9.akamaiedge.net0104.111.230.79;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239991Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.315{6EDEAD03-E420-615E-0601-00000000FD01}6016appleid.cdn-apple.com0type: 5 appleid.cdn-apple.com.akadns.net;type: 5 appleid.cdn-apple.com.edgekey.net;type: 5 e2885.e9.akamaiedge.net;::ffff:104.111.230.79;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000239990Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.789{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-58339- 354300x8000000000000000239989Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.763{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58339- 23542300x8000000000000000214054Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:38.548{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B796000C04C0521A286C030EE5AADB0,SHA256=1C7015BC4EF194C745D05234913FEDB59FE860F8F98B055DF3E3CCF22C11992F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240019Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:38.834{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=A3713456CE9EC5585A6BBB27F6CF6E4A,SHA256=DBEFE7D9F0BBD3841CEA5E493CBF90FA6F52C35C5A8C1F8B2584B0464B0B85F1,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000240018Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.302{6EDEAD03-E420-615E-0601-00000000FD01}6016cs189.wpc.edgecastcdn.net02606:2800:233:1ab3:789:1032:20e3:21;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240017Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.124{6EDEAD03-E420-615E-0601-00000000FD01}6016cs189.wpc.edgecastcdn.net068.232.34.217;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240016Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.035{6EDEAD03-E420-615E-0601-00000000FD01}6016gstaticadssl.l.google.com0142.250.186.99;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000240015Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:38.023{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05DBCAE31FD8845F4E4EE357A0A7653B,SHA256=6946FABC6CDA60463E8CDF68A8BCFCDB48DC01ED6AF90F7FB0181A6A1626B42A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214056Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:36.684{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50041-false10.0.1.12-8000- 23542300x8000000000000000214055Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:39.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CA0F337F0B9006BE1DF2324C6E47352,SHA256=C7D6129A62D4E8314FA78E51D76242C70E154D8EDF5C464AB3892D42C06DE4DF,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240023Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:37.946{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-65456-true2001:7fd:0:0:0:0:0:1k.root-servers.net53domain 354300x8000000000000000240022Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:37.925{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56653-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000240021Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:37.269{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52260- 23542300x8000000000000000240020Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:39.048{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5023C9E8F95A3E9E5DCA847A98557E8F,SHA256=F1BD9216D935C57FED150D41AF302BF86EB56E897F984A8DF200AA2C8804D347,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214057Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:40.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D949C049AF83EA094C243295987F801F,SHA256=CE31C192EC122505D0D4D8C6421DD4EC14EB9BB907BA9B2C58E5B01F853F2080,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240025Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:40.659{6EDEAD03-E1B0-615E-2800-00000000FD01}2904NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240024Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:40.078{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F69F0DA319886D2E051CBC9962FFEDE1,SHA256=CA0D730C94F2EB71140BAFAFF9C21AB86D436C69B55A81AB720F9CCA453FE6AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214058Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:41.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=265C8A7017222B92E320236D04282FFD,SHA256=A022B85C33149B6BE53C5233EDE58564FAC43E1DA7D9603137A9E85C0456E622,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240028Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:40.545{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56654-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000240027Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:41.603{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\indexMD5=810C0D5840D21C648BC7BF071A2AD351,SHA256=0708C8A01959BDD89EC22BA9DD684A9D8F46D63D477B3E2F13674E955CD9F4F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240026Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:41.082{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A79C77B808AF49D10F4324CDF86E4FB7,SHA256=FE2328D693BA2D037C53AD92FE73F440504C30F057756D64B3F445EAC02A935C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214059Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:42.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0EB1AB28DBCFA7EA5071BD6CF3574660,SHA256=8AE15A645CD6790C1A25A27381A5F34DC4B688B5E236DB1854C465025871671F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240030Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:40.745{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-63282-true2001:500:2d:0:0:0:0:dd.root-servers.net53domain 23542300x8000000000000000240029Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:42.089{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD87D36E82DA3C58502500543C345D46,SHA256=2F923EB2D6692A3B8CDA70094D29C8AB6D7AD1B494177B762E8D5CC4E884BF77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214060Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:43.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2C7D78D66F94C5B527AEFD43307988D,SHA256=F902C6EBF36BE4266FB02F7F886875F8AB4C32137453DE63D503724EE171DD44,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000240036Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:43.551{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\serviceworker.txt2021-10-07 12:29:43.550 23542300x8000000000000000240035Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:43.543{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-walMD5=1FA1114D8B52275E12FE6D6181EC2651,SHA256=7B1FCC08A70281999D23F9EF60FD0A72482174A7C12471CAF740D97732B31224,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240034Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:43.541{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-shmMD5=8CEEF0710E20DD3ABAF8F35EDB75A8F3,SHA256=6E18F8CE73201A638B0F42A5931D148619738AB823B47BD6CEEABB78E32EEA1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240033Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:43.524{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-journalMD5=EA410B8EA1BB58DA2C1E908AB1918EAE,SHA256=D4AE4F3C85CDDE94792204E234BBA785AA7D55A5BF6C1796362ED66DA34ACBFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240032Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:43.516{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-journalMD5=AFD4844819E7A53079EA7AA388DB6893,SHA256=B4208A139FEFA4C1F56B5E65B6E67A6E0C96B469A40D7DB2C00DA1C995BA4F29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240031Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:43.097{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=614B3F176DCB798B884788AFE1B29E94,SHA256=F44DC1C335E103C4899503AE1A6ECEC2FDE60FDAAA515AB5E17B8277E93A01FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214061Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:44.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9F87167847B31F7D72AA0963EF3BECA,SHA256=D3F91ACB68D8A962749A880274DAD919B1B8BF56F84F585CBFA9092B9F4BEBCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240037Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:44.107{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74FB9BC7767D197C7B9B09970A74F7DE,SHA256=08934826D26FCB9B046E21C970961E9A6E063DE0AC8D88480E0E039198A9960F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214063Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:45.908{49C67628-E19D-615E-1D00-00000000FE01}1960NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214062Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:45.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90C8155F7FEDD7B828347DC3CA2E7959,SHA256=DD801A5D5CD72A778C5D257F3EA261B81BC8FF5F6CE78143BAA2969B33899F3A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240041Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:43.353{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-64195-true2001:7fe:0:0:0:0:0:53i.root-servers.net53domain 354300x8000000000000000240040Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:43.059{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56655-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000240039Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:45.553{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\3619119340leogcaarlof.sqlite-shmMD5=B39BA3A126F80E4EB0BB6A5E80E406EF,SHA256=BA6EC91CE15F5B9FAECAEC7C2AF682CF253105C451AFE8C16E2833C90CB00B19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240038Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:45.112{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EC4482B57549EFAC4ED197748DBD735,SHA256=6908E25D002723A52302076AF125DAC1847A3286B8F3DF6941017CD4976E99C7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214065Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:42.622{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50042-false10.0.1.12-8000- 23542300x8000000000000000214064Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:46.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A5481D4827419D0D606DFF265152ABD,SHA256=12DB23BD567221A2D852098213A5BABF2B641ED438F848A97D2D2D26EDA46E6C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240047Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.992{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240046Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.980{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240045Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.959{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240044Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.951{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240043Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.950{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240042Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.128{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDA7A6FBA97FF92BF717FC0E27D530BD,SHA256=61F80BDF889CAD2C93A2F7080B8C71468178CC45B7A1C3BAD94B6A3B26B44579,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214080Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:44.482{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50043-false10.0.1.12-8089- 23542300x8000000000000000214079Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7421CF21EA3D8ADBEA00B8C051B13DBC,SHA256=852DAE153A5548A617DE61D4E9D9F53FD6170BA1AFBCE427345B78EB8198F573,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240089Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.950{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000240088Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.121{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local53339-false216.58.212.142fra16s46-in-f14.1e100.net443https 354300x8000000000000000240087Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.045{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56656-false216.58.212.142fra16s46-in-f14.1e100.net443https 354300x8000000000000000240086Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.044{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56657-false216.58.212.142fra16s46-in-f14.1e100.net443https 354300x8000000000000000240085Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.041{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53338- 354300x8000000000000000240084Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.041{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53035- 10341000x8000000000000000240083Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.709{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240082Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.705{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240081Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.705{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240080Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.704{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240079Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.704{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240078Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.704{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240077Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.704{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240076Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.704{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240075Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.704{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240074Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.704{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240073Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.703{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240072Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.703{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240071Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.700{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240070Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.699{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240069Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.699{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240068Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.699{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240067Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.699{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240066Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.699{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240065Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.699{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240064Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240063Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240062Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240061Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240060Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240059Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240058Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240057Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240056Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240055Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240054Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240053Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E1B1-615E-2A00-00000000FD01}2956C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240052Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E1B1-615E-2A00-00000000FD01}2956C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240051Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.438{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240050Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.435{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240049Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.435{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240048Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.146{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E4CC9720F3C2336E69F4A8A82066CEC,SHA256=47BDA02B6C9DB8E77E25089F45B923F3722CE4D81A4789162254D54AC719A6BD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214078Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E83B-615E-5601-00000000FE01}3124C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214077Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214076Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214075Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214074Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214073Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214072Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214071Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214070Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214069Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214068Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E83B-615E-5601-00000000FE01}3124C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214067Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E83B-615E-5601-00000000FE01}3124C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214066Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.346{49C67628-E83B-615E-5601-00000000FE01}3124C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000240105Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.823{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240104Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.821{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240103Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.820{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240102Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.764{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240101Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.762{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240100Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.761{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240099Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.749{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240098Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.749{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240097Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.749{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240096Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.748{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240095Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.748{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240094Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.747{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240093Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.541{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3826ED82DF14A78E87773BA4C8BF60A,SHA256=08720261752D355B73E93159E79450793EFB04B4A8EE4D45B0AA2A4961F80BF9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214110Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E83C-615E-5801-00000000FE01}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214109Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214108Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214107Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214106Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214105Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214104Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214103Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214102Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214101Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214100Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E83C-615E-5801-00000000FE01}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214099Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E83C-615E-5801-00000000FE01}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214098Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.924{49C67628-E83C-615E-5801-00000000FE01}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000214097Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.689{49C67628-E83C-615E-5701-00000000FE01}18001236C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214096Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.568{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18FCEB3FE6D0F8ECE2CB1D4B99B485A5,SHA256=91069C1F18E9D9B99333243F490DA6CD550EF6A86275262FE002F7DC64A7FC93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214095Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.486{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=83A356A02D21C575DF1A6F37F972DA6F,SHA256=677ACE7A200F599EBF83A4A1B72AE637098F4F1F006057AEE4B9A084BD255926,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214094Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.486{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A94766C7F344D40220251F06AD119BDB,SHA256=DE7028060E572A262CCCEE19BCE6A166CD92DC654535A5DA522157F08142CBF8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214093Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E83C-615E-5701-00000000FE01}1800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214092Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E83C-615E-5701-00000000FE01}1800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214091Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E83C-615E-5701-00000000FE01}1800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214090Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214089Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214088Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214087Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214086Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214085Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214084Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214083Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214082Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214081Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.424{49C67628-E83C-615E-5701-00000000FE01}1800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x8000000000000000240092Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.053{6EDEAD03-E420-615E-0601-00000000FD01}6016play.google.com02a00:1450:4001:82a::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240091Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.050{6EDEAD03-E420-615E-0601-00000000FD01}6016play.google.com0216.58.212.142;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240090Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.042{6EDEAD03-E420-615E-0601-00000000FD01}6016play.google.com0::ffff:216.58.212.142;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000214112Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:49.924{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=83A356A02D21C575DF1A6F37F972DA6F,SHA256=677ACE7A200F599EBF83A4A1B72AE637098F4F1F006057AEE4B9A084BD255926,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214111Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:49.580{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6F720950034DDA8F6CCF47ADAF70797,SHA256=C9EED75C80130258E0830846E672CF42AC470D0BAC6BD029A08B54A7D5F09AC9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240129Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.118{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56658-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000240128Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.459{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57034- 10341000x8000000000000000240127Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.798{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921424C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1600-00000000FD01}1280C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240126Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.677{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240125Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.631{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240124Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.622{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240123Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.621{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240122Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.583{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240121Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.567{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50E0A4920BC966B302B2ACC0E92AF21C,SHA256=4A7FCF0B761DBE769B349A54C3DF7026D0B3EE69247ECFB64F6D66F4CBF0FDD5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240120Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.566{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240119Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.561{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240118Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.561{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240117Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.531{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240116Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.527{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240115Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.527{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240114Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.445{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240113Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.445{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240112Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.445{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240111Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.445{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240110Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.441{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240109Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.441{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240108Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.440{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240107Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.404{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240106Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.401{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214113Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:50.580{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56BAF5FDA1B91EE515033721CFEC218A,SHA256=E74F92854F57C0B2D6C164254C9845963A1E46A51EB7130A3521BDF8AD0E3E1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240130Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:50.575{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D7112CCD2A359981E9DD150319703CA,SHA256=E10169CAEA4DF55EF103D5B24367757A3242D7B9472220E497DEA4279F5DA00B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214143Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.942{49C67628-E83F-615E-5A01-00000000FE01}23163904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214142Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E83F-615E-5A01-00000000FE01}2316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214141Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214140Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214139Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214138Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214137Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214136Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214135Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214134Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E83F-615E-5A01-00000000FE01}2316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214133Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214132Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214131Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E83F-615E-5A01-00000000FE01}2316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214130Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.722{49C67628-E83F-615E-5A01-00000000FE01}2316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214129Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.580{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D43B22FBF8E315204EC0DF920AD952E7,SHA256=EBBF7C9D306E00E18EEF0C440B8441FFE1483492FE9DAEC94CFC8C54C858BFFC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240158Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.674{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240157Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.614{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240156Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.610{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240155Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.610{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240154Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.609{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1BAEE6967A48A618A481521440CEE8F7,SHA256=F2E63E8511B3CB29445A21D5EFFE37BDF64F16E3F51C7B589E53ABF22B31404E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240153Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.594{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214128Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.267{49C67628-E83F-615E-5901-00000000FE01}3876960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214127Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E83F-615E-5901-00000000FE01}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214126Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214125Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214124Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214123Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214122Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214121Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214120Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214119Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214118Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214117Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E83F-615E-5901-00000000FE01}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214116Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E83F-615E-5901-00000000FE01}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214115Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.096{49C67628-E83F-615E-5901-00000000FE01}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000214114Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.747{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50044-false10.0.1.12-8000- 10341000x8000000000000000240152Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.584{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240151Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.580{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240150Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.580{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240149Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.570{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240148Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.546{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240147Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.542{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240146Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.541{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240145Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.504{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240144Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.497{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240143Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.494{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240142Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.481{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240141Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.481{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240140Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.480{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240139Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.480{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240138Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.407{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240137Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.384{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240136Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.383{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240135Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.383{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240134Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.374{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240133Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.317{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240132Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.317{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240131Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.302{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214159Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.720{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26FEB05DA48021EF4EB926BFC172B5E5,SHA256=973B28A204F7BD02FCBFA6E6D1A3424095E80F10FF149F91C6535DA5FEB4D066,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240173Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.639{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240172Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.634{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240171Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.634{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240170Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.607{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4250DAEC00922561C954B4BEFB9BEABB,SHA256=11576F52777CD55054D989A1C2BD5A0AF68C3EAEF516B697FF09B9B75A158E16,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214158Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.441{49C67628-E840-615E-5B01-00000000FE01}37921588C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214157Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4688173FDF284768D9153DE403F30B7F,SHA256=D9B1758B36923CAF8D5C5946CE36140A79F877E452863B03750BF767AE32C66E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214156Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E840-615E-5B01-00000000FE01}3792C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214155Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214154Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214153Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214152Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214151Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214150Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214149Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214148Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214147Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214146Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E840-615E-5B01-00000000FE01}3792C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214145Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E840-615E-5B01-00000000FE01}3792C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214144Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.221{49C67628-E840-615E-5B01-00000000FE01}3792C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000240169Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.449{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240168Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.445{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240167Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.445{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240166Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.388{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240165Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.080{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240164Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.054{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-walMD5=49F54E3D24D1F2246EBB621E751EB314,SHA256=9217D9744A7AF1B8752F991A65196DDA70F07C7A8CBCEBF2E88A08EB3CD72A15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240163Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.053{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=D21262BA253C00564DAD3DCB85D0A774,SHA256=3DAE8D56CCB852B8192B9B269644DEF8AC3955E92EAA44E43B96256B3E9100F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240162Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.047{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\ls\data.sqlite-journalMD5=472BDE0EE5D6E54685AF1755BDCEC7B7,SHA256=70601E9BF0689B0B24A8C2B81568E12110513860363D77339C5D0D6CABF4E7FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240161Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.024{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\ls\data.sqlite-journalMD5=0B29BA8124E41396BE98742CE8C02C9E,SHA256=BC40BD26724D1F9DC4BDCB0D631B0605CA9D5DC48344B62FE8F5E67031EAB19A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240160Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.016{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\ls\data.sqlite-journalMD5=86186F7A6C4666D67F2B324E3FB8EBF1,SHA256=4F8705D882CB8774D92816CA60870B299077448385CB12409CB938A9B0C8C8EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240159Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.005{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\ls\data.sqlite-journalMD5=1E72A5797DCFD66476961A044A5F7574,SHA256=B7372922754A8D60F08ED07E072E489E88AB963615799C980C6F82932C11C419,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214174Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.767{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10783E34036EE3E1736925222DA8E7F8,SHA256=E047041355C6E7E110F1BFCE78BF737F43DE36B3BBD5CCA66228DE1A18D3A3D4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240181Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:53.906{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240180Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:53.905{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240179Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:53.905{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240178Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:53.904{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240177Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:53.756{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E42A-615E-1001-00000000FD01}6800C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240176Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:53.616{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7053E313D7C8FDC50E35C79576FCD646,SHA256=0334228C51B847CDA9836F875D5E5C3590011F1CEEF91244B82702C4852A525B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214173Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E841-615E-5C01-00000000FE01}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214172Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214171Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214170Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214169Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214168Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214167Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214166Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214165Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214164Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214163Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E841-615E-5C01-00000000FE01}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214162Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E841-615E-5C01-00000000FE01}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214161Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.347{49C67628-E841-615E-5C01-00000000FE01}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214160Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.221{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EEBCD7936D8EAABCCCF87426EF03A2CF,SHA256=E8E06224F4DA6469AE2492F86A20DB57960F98FFBE548BE1DCB940E26D17BC02,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240175Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:53.421{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0901-00000000FD01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d94757|C:\Program Files\Mozilla Firefox\xul.dll+7e80d9|C:\Program Files\Mozilla Firefox\xul.dll+7dbef1|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240174Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:53.410{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42A-615E-1001-00000000FD01}6800C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d8f0d9|C:\Program Files\Mozilla Firefox\xul.dll+d8fb3f|C:\Program Files\Mozilla Firefox\xul.dll+d7e9d1|C:\Program Files\Mozilla Firefox\xul.dll+3ea8a86|C:\Program Files\Mozilla Firefox\xul.dll+21dc6d0|C:\Program Files\Mozilla Firefox\xul.dll+911a3c|C:\Program Files\Mozilla Firefox\xul.dll+8d6c51|C:\Program Files\Mozilla Firefox\xul.dll+19876d|C:\Program Files\Mozilla Firefox\xul.dll+914c17|C:\Program Files\Mozilla Firefox\xul.dll+8df324|C:\Program Files\Mozilla Firefox\xul.dll+8eb004|C:\Program Files\Mozilla Firefox\xul.dll+8ea1a3|C:\Program Files\Mozilla Firefox\xul.dll+8302aa|C:\Program Files\Mozilla Firefox\xul.dll+7ce177|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088 23542300x8000000000000000240215Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.737{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84ACEE82BD29E9A028C0B2E920E7B64A,SHA256=B651632EDFBE9E99376BFD670BE0F5406F9F51362252A0EE0B59A0738392DBF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240214Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.725{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=305CA6CBE4A1491CA5860E424DF23A42,SHA256=874807B1FCBA0B04A664DA50943C3490311E978F4A3348E1DB2572E0A6B6EF32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214175Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:54.486{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=81FFE499B93A71A45C533D7A2D52B38B,SHA256=39D70F7CA1ED960E8FF6C42DA4436F4CB914EB9C7900F662E64504B03B4A3FAA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240213Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.469{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d8f0d9|C:\Program Files\Mozilla Firefox\xul.dll+d80d70|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240212Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.469{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240211Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.469{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240210Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.469{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240209Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.468{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240208Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.468{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240207Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.468{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240206Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.467{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240205Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.467{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240204Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.467{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240203Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.467{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240202Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.467{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240201Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.467{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240200Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.466{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240199Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.466{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240198Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.466{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+979d46|C:\Program Files\Mozilla Firefox\xul.dll+d96e88|C:\Program Files\Mozilla Firefox\xul.dll+d80a1a|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000240197Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.466{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+d80991|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240196Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.465{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+bc795|C:\Program Files\Mozilla Firefox\xul.dll+d80668|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240195Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.465{6EDEAD03-E420-615E-0601-00000000FD01}60165236C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9326bf|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+15c3436|C:\Program Files\Mozilla Firefox\xul.dll+192543c|C:\Program Files\Mozilla Firefox\xul.dll+13765|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+13348|C:\Program Files\Mozilla Firefox\xul.dll+91b9c1|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240194Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.457{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240193Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.456{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240192Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.456{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240191Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.456{6EDEAD03-E40D-615E-DD00-00000000FD01}27722156C:\Windows\system32\csrss.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240190Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.456{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240189Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.456{6EDEAD03-E420-615E-0601-00000000FD01}60165412C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+2f02d|C:\Program Files\Mozilla Firefox\firefox.exe+2e235|C:\Program Files\Mozilla Firefox\xul.dll+1efde1a|C:\Program Files\Mozilla Firefox\xul.dll+92e2ba|C:\Program Files\Mozilla Firefox\xul.dll+92c4c5|C:\Program Files\Mozilla Firefox\xul.dll+93347e|C:\Program Files\Mozilla Firefox\xul.dll+7da221|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240188Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.456{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe93.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6016.17.114453411\892842068" -childID 6 -isForBrowser -prefsHandle 8900 -prefMapHandle 2744 -prefsLen 11736 -prefMapSize 246975 -jsInit 1164 286204 -parentBuildID 20210927210923 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6016 "\\.\pipe\gecko-crash-server-pipe.6016" 9084 29069487f38 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332LowMD5=988976B1058A1DAE198C93A5688142FD,SHA256=28BE8E0485DBA68F6A4B37F6A68D7AE542B0DA00925A69EA12A4E7AA3B477EC6,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000240187Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:29:54.446{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.17.11445341C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240186Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.349{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240185Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.348{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240184Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.337{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3ed70|C:\Program Files\Mozilla Firefox\xul.dll+b3e6ed|C:\Program Files\Mozilla Firefox\xul.dll+b377b4|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573|C:\Program Files\Mozilla Firefox\xul.dll+b1d776 354300x8000000000000000240183Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:53.137{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56659-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000240182Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.304{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\9288MD5=B09D947D755A0999703909579D395FCC,SHA256=B7F23C1C12EAA6085F4951D5B20690A205491C8AD50BBA6A14E6D56B81E91974,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240234Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.759{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2095DBA1C9FC2C35554B62513F98BD8E,SHA256=2FF5412E04BBB8AE1D2EEBB1587346040D7CF1486443A8CA1670ABA1DE9DCB1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214176Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:55.017{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BB65388FB834932EE0B5A93E662A19A,SHA256=54841B7B6AD1297B9717222A7F60691D228E424FA9213A31C1B19AE4010CB941,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240233Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.727{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+9346c1|C:\Program Files\Mozilla Firefox\xul.dll+99921d|C:\Program Files\Mozilla Firefox\xul.dll+c9cf1|C:\Program Files\Mozilla Firefox\xul.dll+192e892|C:\Program Files\Mozilla Firefox\xul.dll+16a44c5|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240232Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.680{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240231Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.677{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240230Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.666{6EDEAD03-E19E-615E-0B00-00000000FD01}636760C:\Windows\system32\lsass.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240229Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.666{6EDEAD03-E19E-615E-0B00-00000000FD01}636760C:\Windows\system32\lsass.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240228Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.648{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+978ae8|C:\Program Files\Mozilla Firefox\xul.dll+93bf17|C:\Program Files\Mozilla Firefox\xul.dll+986a39|C:\Program Files\Mozilla Firefox\xul.dll+d88048|C:\Program Files\Mozilla Firefox\xul.dll+193adae|C:\Program Files\Mozilla Firefox\xul.dll+192e892|C:\Program Files\Mozilla Firefox\xul.dll+1903b07|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000240227Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:29:55.648{6EDEAD03-E420-615E-0601-00000000FD01}6016\cubeb-pipe-6016-5C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000240226Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:29:55.648{6EDEAD03-E420-615E-0601-00000000FD01}6016\cubeb-pipe-6016-5C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240225Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.627{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000240224Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:29:55.627{6EDEAD03-E423-615E-0801-00000000FD01}5392\chrome.6016.18.192690187C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240223Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.627{6EDEAD03-E420-615E-0601-00000000FD01}60165236C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+1b066c|C:\Program Files\Mozilla Firefox\xul.dll+93e6a6|C:\Program Files\Mozilla Firefox\xul.dll+9391cf|C:\Program Files\Mozilla Firefox\xul.dll+1926c83|C:\Program Files\Mozilla Firefox\xul.dll+19253b7|C:\Program Files\Mozilla Firefox\xul.dll+13765|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+13348|C:\Program Files\Mozilla Firefox\xul.dll+91b9c1|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000240222Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:29:55.627{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.18.192690187C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240221Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.625{6EDEAD03-E1A0-615E-1600-00000000FD01}12801332C:\Windows\system32\svchost.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000240220Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:29:55.623{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.17.11445341C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240219Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.622{6EDEAD03-E420-615E-0601-00000000FD01}60165416C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+12e9cb|C:\Program Files\Mozilla Firefox\xul.dll+115df2d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000240218Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:29:55.621{6EDEAD03-E420-615E-0601-00000000FD01}6016\gecko-crash-server-pipe.6016C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000240217Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.470{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=98908E53FAB4E1677F44CAFFBD8E2BA8,SHA256=12AB4A6D365F6D8DFB6559194DAB46F190B2DEC0AEBA51D76551FB820C4F64E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240216Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.468{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=699791919FC6A2DBE0922230F60A3B61,SHA256=EEB803E90F31721341BAEDF03D6DC1A981A016ADDF91F067B5EB511A5EB68924,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240235Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:56.765{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6D694598EE1515CA3866C3F526A2A29,SHA256=C7EA467EE4065F6943C18733BE8F27A36C5BF7737394A4F7DA9451577F9AD242,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214178Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.763{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50045-false10.0.1.12-8000- 23542300x8000000000000000214177Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:56.080{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3006305EFCF5AF5049F936670C39C81F,SHA256=47B8F51805B15247BD1096559F57974FB70E9FFFC9202A101F57E3B49A884088,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240236Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:57.770{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=227CD83563DE18D1DEAE964DC8FC2938,SHA256=76E011F3B883BC8AE3CBD8031AE82607BF7E4EADF93D268347A397E44A87B3FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214179Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:57.080{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BCD4CA44FA164BA904B5BCD6044E9AA,SHA256=D1FFBF4C4CA8E7F63B8CA8FDD86DE12DC40E862A11A645C2A5ABCDA890EF5A2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240237Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:58.778{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61BB004BC44FC1D3F26DE6CF9D66A598,SHA256=98CE192626DE011BF29DBA8953B47DCF0F87EE7CB88ED281CCE237262D48C1A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214180Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:58.127{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF5E23D76716FBC375680B7602F07B6D,SHA256=62CADD2F0923DBF8CB4506C5C0C91B0F4616C53C30BDDCC6F910D3D43DB738FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240242Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:59.782{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDFC815856411F38B1FF2CD5E9D052F1,SHA256=7C63C24981B821D3E0A9059863DE7FA92C8D6443E38CD3B2E9C444D647555550,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214181Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:59.127{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56EDEAD4B085EF0176E48080891777EE,SHA256=24675AFB4524D60450851357DCCAFA721D9533F7710203A4244754A4E0FABC11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240241Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:59.126{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-walMD5=8D36103CE71180DC9BA1A2FD89027828,SHA256=CDD0C5823EECFC813FE2CA2BAE9C04A57E3529AD6DB98E0E8D258DBB3233A27A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240240Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:59.123{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=B1B08DB1F34CBC690FB59DBC39BBD937,SHA256=49465E4FB27AD759900541327414A7A7E33D94B4EAFB1C5D670957E129F79E84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240239Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:59.118{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++github.com\ls\data.sqlite-journalMD5=5623DE2F633C76968F578EBB7CE33AFB,SHA256=628CD85CA65B7D4985E31B667CAFA08D084CF3B975B55AA19A0C51D656EBDAF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240238Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:59.104{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++github.com\ls\usageMD5=0C0D0B34923AE350984A5611E718E36E,SHA256=F4104708CB08A5952650EBE695C13673BF06244B42D88EEB77742C70236DE517,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240249Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:00.792{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=474DCD79D34B9494EEF5FA538791070B,SHA256=5ADB9034CF0097953875F51824B8BD1C6915E8790D2E5B3C6D5E9E1616BC8871,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214182Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:00.127{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F12708A5C05D0334DD28232961A43882,SHA256=F32BBC494285BF67DC74473A12047E4C847FEF1E4F0220E5F7D9EE8AAF235102,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240248Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:00.137{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=B5B92A781D30815E92445DCF4C11F687,SHA256=6F7201AC37E5121FD86C3C9A415354593E8B690FAEF29CF05E6F71A3F6BF031D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240247Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:00.133{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=342CF41F166E1597BA75FC66576D8632,SHA256=A0B1EB89975F8B3245B2EE1078029D21EBADA4299FF7F31E986049BB857EE6C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240246Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:00.129{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=E346681D40DB5FB842CECF554C008356,SHA256=E9D46F933E6FB6A1586442CBCB0CAF645B447E7A9A1C83589C1468D89047AFEA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240245Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:00.128{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=C04B8CD8A1E35CA8127D28B111BBA389,SHA256=426921C5DDEDBA966B18D627A6E4B00F8DAB679337A4CDB43E1E19682362C90F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240244Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:00.126{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=1EAA18B66E503F151205E2AF5DAB0484,SHA256=557491FA1C0F1F9861BCE430BF00A64CF670FBB610546124A2CA45CD45A14916,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240243Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:00.122{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=6E6942E4CBB93D1AABF9CF56A5FEB176,SHA256=84655E628F8B0C153825B4517D4D7F89AC3A0A15A66C34D83715AA3D0E94E772,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240251Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:59.109{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56660-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000240250Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:01.795{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE2BAC2AC95DF38A776568DC10DE4E71,SHA256=0D629B181BBF1912BC761DA19C004D757AF9EE760A63241323A659056FE6D1B2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214184Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:57.763{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50046-false10.0.1.12-8000- 23542300x8000000000000000214183Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:01.127{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1835F2DEA47D448649C420BC411DDADF,SHA256=9B53C7885A721DCDD8159210744D0BE578DF54D207384080000653F10A4F7904,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240252Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:02.803{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB5AE3C898E89C8A932B9FDF1D6E9722,SHA256=DB9083C96D95E0E84CB6563E0A367F5BBFDF1E7EB62EFC085C1EC4C339414C56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214185Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:02.127{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9606B9028216917E19154E1BB928DA0,SHA256=18F3040F32416ED6D2DE8FC5138322A2FE80725AE08FD35240D92590AE1C8A6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240253Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:03.810{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E88E34A3C67F3D977038E47C6DE65B98,SHA256=3E432A1D4D43A22E1AC7D6A419D94A792D36E656935E745A3697C729CAD152EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214186Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:03.221{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01EFFB019045256C3C6AE222EB05CCD5,SHA256=60F65783532DB8784576C486C7BB1B2828B507F8286C704A3A67440E51CFC126,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240254Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:04.815{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA6BB1E30253662C5B4CD12AF6F38184,SHA256=1BF73CBA25C88025B840A36AD3E676EC27CC4D77A821A1671417FB2C2939A4DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214187Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:04.237{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4C8C8B25414185B09B2BDBFCDFBB7E9,SHA256=B7E473EC2C2EDE4F8201E4F4357FC03B274FF0E29296FE89C432A6D3BE0F634D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240262Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:05.823{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8563EA355DE5ECC688C19471ADFDE74,SHA256=0E8E54F5DE3868A87F880398047C957A25EC77896EBDFD50DB3859FB4E8A5EE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214188Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:05.330{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21EBE678B1AD2CE171DD3BF88357CB36,SHA256=9D903F84BC2374321220FA3FCA5ACFA46A475A517742CA9D7DD9B5CFA73EB5B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240261Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:05.466{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-shmMD5=BAC7FB7CD8822B0F927C470BD8F108DF,SHA256=907FFB85AED5E152A25D378E0C507185385E3D505BC7DDA4DDA149A700057032,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240260Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:05.143{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=49A577401103EED64B9C69431AFCA295,SHA256=11AEC24DBF9D2F021E66F92D71F544508ECAC9608E2778C30A9B81F0DF7AD62E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240259Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:05.142{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=5BCBE1124ED4FAE55D4F4A7DB898DDD1,SHA256=7DFDB330E2C24C4A1B66A3333DBB63E5047280EDDC592565F5F17901DEED9BD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240258Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:05.139{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=4D4AB94834976C888977B8859A1B6590,SHA256=64B9E6DEDA3C958266B6491D7E61DB5040519026E67F8D2F7E7D279E28D4FF19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240257Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:05.136{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=492F5C3CEB71F2D1490B5FF9E501536A,SHA256=54FCDE23F0AB704E6418240A10C34E755BFC7BE49A57949A3756CCAD478C6D2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240256Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:05.133{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=17ECA1EB7D8E1A6FE9E14C93A3EB0279,SHA256=F5FB0ACE143C696468F4C01B4D7753C2DA19890A325D491C2629E459C7AE0C8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240255Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:05.131{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=78F2555E4AA4759704375BA0B76C23F8,SHA256=C380E8E38192E6343CDCDFFFF1566FCEEDC734774F2C86A690FABBDE4F6E64C0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240281Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.997{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E84E-615E-A701-00000000FD01}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240280Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.984{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240279Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.984{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240278Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.984{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240277Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.983{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240276Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.983{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E84E-615E-A701-00000000FD01}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240275Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.983{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E84E-615E-A701-00000000FD01}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240274Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.984{6EDEAD03-E84E-615E-A701-00000000FD01}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000240273Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:04.979{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56661-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000240272Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.835{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD4C28D84FE4389506804503A8ECFD3D,SHA256=C2ED3473B9BF45AD6E323E1775EA8A60BFEB5B17BFF55DF7753255BC2681AC4E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214190Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:03.700{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50047-false10.0.1.12-8000- 23542300x8000000000000000214189Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:06.377{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F1F4EF10EF9CE6DBD252E05C26C2D3A,SHA256=D5866CCAE9C7FDD24BFECDA91DE368CE590E3E38CE073C944473E8528256C6BD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240271Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.423{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E84E-615E-A601-00000000FD01}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240270Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.419{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240269Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.418{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240268Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.418{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240267Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.417{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E84E-615E-A601-00000000FD01}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240266Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.417{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240265Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.417{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E84E-615E-A601-00000000FD01}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240264Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.416{6EDEAD03-E84E-615E-A601-00000000FD01}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000240263Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.362{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=CB1049DF4A20952F0F0628A873F8BA94,SHA256=89CE7B21087E60E41679B8FBE7914A591BA0B78AB8E3E1F8D97011778F977522,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240305Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.901{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AE880FA32EC826F94C8AC6E46D13215,SHA256=B31ADFADB5DE49E64DB3769EDB99F9FE8CAF90719C30C8C93D561FE1FA2E0C5C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240304Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.634{6EDEAD03-E1B1-615E-2B00-00000000FD01}2968C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56662-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x8000000000000000214191Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:07.440{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F2ECB4A3DF76BED6C9FCA2365A12BFD,SHA256=D3F96BFA329D000B456BF26668DC922D96CA7F241F45EC8CBD29D8FA7AC73AC8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240303Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.766{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E84F-615E-A801-00000000FD01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240302Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.763{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240301Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.763{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240300Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.762{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E84F-615E-A801-00000000FD01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240299Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.763{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240298Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.762{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240297Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.762{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E84F-615E-A801-00000000FD01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240296Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.762{6EDEAD03-E84F-615E-A801-00000000FD01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000240295Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.522{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3e7fb|C:\Program Files\Mozilla Firefox\xul.dll+b375e2|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+b40b48|C:\Program Files\Mozilla Firefox\xul.dll+b40ead 10341000x8000000000000000240294Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.522{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 10341000x8000000000000000240293Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.520{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3ed70|C:\Program Files\Mozilla Firefox\xul.dll+2655c0b|C:\Program Files\Mozilla Firefox\xul.dll+2648cf6|C:\Program Files\Mozilla Firefox\xul.dll+b382c0|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2 10341000x8000000000000000240292Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.520{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3e7fb|C:\Program Files\Mozilla Firefox\xul.dll+b375e2|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+b40b48|C:\Program Files\Mozilla Firefox\xul.dll+b40ead 10341000x8000000000000000240291Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.512{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 10341000x8000000000000000240290Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.504{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240289Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.504{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240288Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.500{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240287Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.498{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240286Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.498{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240285Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.492{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+addabe|C:\Program Files\Mozilla Firefox\xul.dll+ebeec2|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39 23542300x8000000000000000240284Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.440{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C034DF5394F0D20E7F1AFFE18A5EB1E5,SHA256=F8DCEF3B1BA2BA5EF87B9D48DB0CA8D7B56C92E31FC313B8A0CBB35D6D961617,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240283Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.438{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=98908E53FAB4E1677F44CAFFBD8E2BA8,SHA256=12AB4A6D365F6D8DFB6559194DAB46F190B2DEC0AEBA51D76551FB820C4F64E4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240282Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.271{6EDEAD03-E84E-615E-A701-00000000FD01}42926180C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240309Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.860{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC00C8FA4921C79CF40956E931CD92A5,SHA256=20314CE8991CB8EC71725F185A8B84F380F779842F5E260CD4B40105A5F8BF53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214192Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:08.487{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D22DE16856891863614F2C86B64D3DDA,SHA256=2706A21F90E13BEE2E3BFC1DE923DC34540CF894822657B315FB3723ECCEC726,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240308Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.634{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56662-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x8000000000000000240307Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.773{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C034DF5394F0D20E7F1AFFE18A5EB1E5,SHA256=F8DCEF3B1BA2BA5EF87B9D48DB0CA8D7B56C92E31FC313B8A0CBB35D6D961617,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240306Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.151{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+ebee38|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 10341000x8000000000000000240331Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.939{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 10341000x8000000000000000240330Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.932{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 10341000x8000000000000000240329Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.931{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 23542300x8000000000000000240328Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.912{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF30064E859CFD285AA9FA64433B16E8,SHA256=A7E8AF6FBADBC214AF7A8E8E2C838DEACF36A96D10E0D8A50353633F9723D946,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214193Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:09.487{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A1089CD7970EBF572EE8BEE2B4669FE,SHA256=1C9651FED9F6F1B0E268CDD21D28B1D402CD9CB1B41577F18532EAF16E9B4C42,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240327Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.859{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000240326Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.669{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-49976- 354300x8000000000000000240325Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.516{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-60112- 354300x8000000000000000240324Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.492{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60112- 10341000x8000000000000000240323Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.830{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240322Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.827{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240321Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.782{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E851-615E-A901-00000000FD01}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240320Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.780{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240319Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.780{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240318Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.778{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240317Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.778{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240316Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.778{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E851-615E-A901-00000000FD01}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240315Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.778{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E851-615E-A901-00000000FD01}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240314Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.778{6EDEAD03-E851-615E-A901-00000000FD01}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x8000000000000000240313Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.805{6EDEAD03-E420-615E-0601-00000000FD01}6016bunnyinside.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240312Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.651{6EDEAD03-E420-615E-0601-00000000FD01}6016bunnyinside.com0103.224.182.210;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240311Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.649{6EDEAD03-E420-615E-0601-00000000FD01}6016bunnyinside.com0::ffff:103.224.182.210;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240310Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.712{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 23542300x8000000000000000240368Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.985{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B1B7725D7E5665ED523CCD78F1038AE,SHA256=B26BF14182B5140C1C18A26A6FFE2939B3D7235F120838FD064A7A3924E210FE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240367Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.924{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E852-615E-AA01-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240366Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.922{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240365Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.922{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240364Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.921{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240363Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.921{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240362Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.921{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E852-615E-AA01-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240361Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.921{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E852-615E-AA01-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240360Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.920{6EDEAD03-E852-615E-AA01-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214194Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:10.487{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5383A89CAF8BD5F32E0ECEE50C0C45D,SHA256=833ADA7FBA394E3491E919E5F2FD8741650E6BEA2194C612A1471EF645470A1D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240359Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.740{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56668-false142.250.185.228fra16s53-in-f4.1e100.net443https 354300x8000000000000000240358Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.732{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56667-false142.250.185.228fra16s53-in-f4.1e100.net443https 354300x8000000000000000240357Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.707{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56666-false205.234.175.175vip1.G-anycast1.cachefly.net80http 354300x8000000000000000240356Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.707{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56534- 354300x8000000000000000240355Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.706{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60371- 354300x8000000000000000240354Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.681{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51478- 354300x8000000000000000240353Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.603{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56665-false142.250.185.228fra16s53-in-f4.1e100.net80http 354300x8000000000000000240352Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.487{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56664-false64.190.63.136-80http 354300x8000000000000000240351Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.481{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53148- 354300x8000000000000000240350Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.325{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-60576- 354300x8000000000000000240349Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.299{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60576- 23542300x8000000000000000240348Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.783{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4C5DE5AF28AA7053684AA80EFDFEF6BB,SHA256=581E9D5028C7DB82BBB4A1E06E68AEB933AC65C60A4007A762FBC1D9E83C34C1,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000240347Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.043{6EDEAD03-E420-615E-0601-00000000FD01}6016afs.googleusercontent.com0type: 5 googlehosted.l.googleusercontent.com;::ffff:142.250.185.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240346Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.717{6EDEAD03-E420-615E-0601-00000000FD01}6016vip1.g5.cachefly.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240345Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.715{6EDEAD03-E420-615E-0601-00000000FD01}6016vip1.g5.cachefly.net0205.234.175.175;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240344Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.712{6EDEAD03-E420-615E-0601-00000000FD01}6016img.sedoparking.com0type: 5 sedo.cachefly.net;type: 5 vip1.g5.cachefly.net;::ffff:205.234.175.175;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240343Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.491{6EDEAD03-E420-615E-0601-00000000FD01}6016www.sedoparking.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240342Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.489{6EDEAD03-E420-615E-0601-00000000FD01}6016www.sedoparking.com064.190.63.136;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240341Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.488{6EDEAD03-E420-615E-0601-00000000FD01}6016ww16.bunnyinside.com0type: 5 www.sedoparking.com;::ffff:64.190.63.136;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240340Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.323{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 10341000x8000000000000000240339Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.310{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240338Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.304{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240337Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.272{6EDEAD03-E851-615E-A901-00000000FD01}41162224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240336Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.186{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000240335Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.966{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49965- 354300x8000000000000000240334Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.966{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57616- 354300x8000000000000000240333Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.963{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52300- 354300x8000000000000000240332Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.790{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56663-false103.224.182.210lb-182-210.above.com443https 23542300x8000000000000000240395Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.991{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=241B665C512D2CCE08AF57CD47AAD677,SHA256=19908E8192EB0C797DDE26C50483A13D70E2C7304A9A2A9E909DFC7E638BF2E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214195Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:11.596{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71B35441839A2EC93F1E19672DC47587,SHA256=7492132ADE6EA6F008E1E7DBBE3DC6660B1A3F2A9453EE9F9A20278EB5947E70,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240394Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.200{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56782- 354300x8000000000000000240393Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.192{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51666- 354300x8000000000000000240392Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.185{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50576- 354300x8000000000000000240391Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.185{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56382- 22542200x8000000000000000240390Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.209{6EDEAD03-E420-615E-0601-00000000FD01}6016sedo.com0104.16.4.91;104.16.5.91;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240389Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.208{6EDEAD03-E420-615E-0601-00000000FD01}6016sedo.com0::ffff:104.16.5.91;::ffff:104.16.4.91;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240388Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.200{6EDEAD03-E420-615E-0601-00000000FD01}6016www.sedo.com0104.16.5.91;104.16.4.91;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240387Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.199{6EDEAD03-E420-615E-0601-00000000FD01}6016www.sedo.com0::ffff:104.16.4.91;::ffff:104.16.5.91;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240386Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.051{6EDEAD03-E420-615E-0601-00000000FD01}6016googlehosted.l.googleusercontent.com02a00:1450:4001:80e::2001;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240385Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.049{6EDEAD03-E420-615E-0601-00000000FD01}6016googlehosted.l.googleusercontent.com0142.250.185.65;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240384Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.706{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E853-615E-AB01-00000000FD01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240383Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.703{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240382Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.703{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240381Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.702{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240380Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.702{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240379Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.702{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E853-615E-AB01-00000000FD01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240378Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.702{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E853-615E-AB01-00000000FD01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240377Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.702{6EDEAD03-E853-615E-AB01-00000000FD01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000240376Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.440{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240375Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.439{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000240374Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.085{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56672-false142.250.186.67fra24s05-in-f3.1e100.net80http 354300x8000000000000000240373Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.059{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56671-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000240372Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.039{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56669-false142.250.185.65fra16s48-in-f1.1e100.net443https 354300x8000000000000000240371Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.037{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56670-false142.250.185.65fra16s48-in-f1.1e100.net443https 354300x8000000000000000240370Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.031{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52895- 10341000x8000000000000000240369Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.252{6EDEAD03-E852-615E-AA01-00000000FD01}65566888C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214196Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:12.596{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6EC028B673342B7865A69FDB55647D25,SHA256=B2EF5F91029FF9A7EE11AD8C11E8D6FA10479C50F4D0A2568ED18CB24E9C7028,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240410Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.705{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59144- 354300x8000000000000000240409Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.704{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60461- 22542200x8000000000000000240408Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.215{6EDEAD03-E420-615E-0601-00000000FD01}6016www.sedo.com02606:4700::6810:55b;2606:4700::6810:45b;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240407Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.215{6EDEAD03-E420-615E-0601-00000000FD01}6016sedo.com02606:4700::6810:45b;2606:4700::6810:55b;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240406Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.483{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E854-615E-AC01-00000000FD01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240405Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.482{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240404Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.482{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240403Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.480{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240402Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.480{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240401Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.480{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E854-615E-AC01-00000000FD01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240400Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.480{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E854-615E-AC01-00000000FD01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240399Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.480{6EDEAD03-E854-615E-AC01-00000000FD01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000240398Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.095{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+93f6c9|C:\Program Files\Mozilla Firefox\xul.dll+93f5ea|C:\Program Files\Mozilla Firefox\xul.dll+93f1d9|C:\Program Files\Mozilla Firefox\xul.dll+93b2df|C:\Program Files\Mozilla Firefox\xul.dll+93b5ec|C:\Program Files\Mozilla Firefox\xul.dll+a8e26a|C:\Program Files\Mozilla Firefox\xul.dll+2ced09|C:\Program Files\Mozilla Firefox\xul.dll+2cec14|C:\Program Files\Mozilla Firefox\xul.dll+2ce9fd|C:\Program Files\Mozilla Firefox\xul.dll+2ce894|C:\Program Files\Mozilla Firefox\xul.dll+ab5763|C:\Program Files\Mozilla Firefox\xul.dll+ab60f1|C:\Program Files\Mozilla Firefox\xul.dll+ab545d|C:\Program Files\Mozilla Firefox\xul.dll+ab4662|C:\Program Files\Mozilla Firefox\xul.dll+adbd21|C:\Program Files\Mozilla Firefox\xul.dll+19842fd|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4 23542300x8000000000000000240397Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.016{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7B1C9B34EFEED7ED7A13A1E5516B9D5,SHA256=76B429B0F585B3450F21EC7577AB91FA9D764AA19FFEBE9778B65564A0A0C15D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240396Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.008{6EDEAD03-E853-615E-AB01-00000000FD01}57605884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000214198Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:09.653{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50048-false10.0.1.12-8000- 23542300x8000000000000000214197Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:13.596{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5893913608B767F862342D43DC613C55,SHA256=541980242A00C9E5E944714BC04196722AEF9285D2F6E92393DFFB2A2314048F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240412Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:13.491{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D4BCCE4CCA2F6384B045EA08E6A06801,SHA256=CF491923509B7AB86318FC5A63A050AE067AAF72CFE24F15FA93C304787A98B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240411Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:13.003{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02463DE63D7F81C2277A22B4C3A1E10C,SHA256=375995B7D0683E936A1BA39B2AE52D9B87D3AB1DAECE928BFEFF9159BECEEF63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214199Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:14.596{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=702869A5064E895420CD34E81AF225F1,SHA256=9C4BFE479CA1B11D399EC7B915F41FB42613927F4E99C945B23F92D71789178A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240413Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:14.008{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D70BACBD78C4F0CB731CC6BFF7F5C708,SHA256=94E17E96ABDA6244DA536627A6F5C3122E6D0EFC2B31DF7F22EE4AE430CF8759,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214200Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:15.596{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC4CF430EDFF85F5A0231F036D37797F,SHA256=E31EBB027B147DF0032369957F3E525B3C188003A67F89F6FFBA5F1B516C54B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240420Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:15.709{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 17141700x8000000000000000240419Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:30:15.228{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.19.151342498C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240418Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:15.224{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+ae56a1|C:\Program Files\Mozilla Firefox\xul.dll+3065d1|C:\Program Files\Mozilla Firefox\xul.dll+efca65|C:\Program Files\Mozilla Firefox\xul.dll+b357f4|C:\Program Files\Mozilla Firefox\xul.dll+305edd|C:\Program Files\Mozilla Firefox\xul.dll+38c97b|C:\Program Files\Mozilla Firefox\xul.dll+38c17d|C:\Program Files\Mozilla Firefox\xul.dll+b1ff5a|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c 10341000x8000000000000000240417Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:15.222{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+efc332|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f 10341000x8000000000000000240416Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:15.182{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42A-615E-1001-00000000FD01}6800C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d94757|C:\Program Files\Mozilla Firefox\xul.dll+7e80d9|C:\Program Files\Mozilla Firefox\xul.dll+7dbef1|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240415Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:15.179{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 23542300x8000000000000000240414Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:15.011{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CC5FF1657F35FC5E770934769DD9499,SHA256=839D23378BCAE4DE211762C31DF6A6981E35EB6DB93E675CB55B942BF31D0C45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214201Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:16.596{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=201AD4889521C2254803D93111C458B7,SHA256=ECF0F9E52676C1EDFB602E31B61BE8A50F5A5B83CFDAD6EDD77DEE053F922BC0,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240423Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:15.132{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56673-false35.227.207.240240.207.227.35.bc.googleusercontent.com443https 354300x8000000000000000240422Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:15.128{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54413- 23542300x8000000000000000240421Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:16.017{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1CF9C1F49B3987F7F7866B66AD704769,SHA256=4DAD3DD3ED2D57435E052F62C26F986C3C59C7CBC7AD97039924ECCB79B0514C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214202Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:17.596{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=977B6D09D1E3BB22EAF5C04C7571804C,SHA256=D3EA9B894B817A215DC90D56FF46E391095020DDAD06C556432644210B4D111D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240425Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:16.027{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56674-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000240424Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:17.022{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51EA9363A597B93772C41DE0C5D732E0,SHA256=4E22BC3A9F3A3A438DE3E29E6F15378CD134FD157DF69DB8E216DFD3BADF0DF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214204Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:18.726{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211007120136-027MD5=9D4F391515175B78F973C8B5B774DE70,SHA256=E6B13D39A78F2A37A848863A5E3913D5FD4B55347F92E521523460DA93139266,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214203Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:18.598{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45AF7727675456708C053DE5A004E412,SHA256=217236E69D8F7642C2D173489F1F3DB85760325A90C066C068327FD5D67AB44E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240426Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:18.030{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5018CD091E039EC486650AE4926A48F,SHA256=DB2F242291C44EB2862356CA0F1D794B115381777CEE6D35EAA67D78F856D705,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214207Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:19.727{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211007120134-028MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214206Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:19.664{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9439197F96145143F289C391D388CCD7,SHA256=E616259967333EAE07D54C8D2DCFC718B3D39F158C951CD65C9D777B4C913BFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240427Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:19.031{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DBC75396E316EF2BDAFD4912F6E04E2,SHA256=328D98893361643345FDB1941BF815039817ED936DF9F38E460C9458E7999618,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214205Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:15.622{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50049-false10.0.1.12-8000- 23542300x8000000000000000214208Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:20.757{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B97BD9C4556F2E2D8F9A4F9266B1CB7,SHA256=628DBC8BB3B72CF7B70A942750175F49322E19C74624B23E61FB91D282AF1156,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240428Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:20.035{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF3A4377DFA0F7CBDC4519D7FE49ACA9,SHA256=5EF6A426CE1033919743CB9B46A5BC4EA1BAA55285E50D99AC9A4E15097B5E4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214209Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:21.804{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3754CEAB25C235FF10B77A3B94766166,SHA256=BD8706CFA0E0BC0E8244F677F79CA725251A5E164D072E1010CC4721FE90E7E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240434Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:21.161{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=1F8E283FA9B034C620825925BF9D5D72,SHA256=820A28A7906B8438609F88CFAFF906866E64358E89A2BF37F4138D74F2379E83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240433Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:21.161{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=86502FEEF5AFFE1B43631DFABDCEE172,SHA256=667E134684746C9FCED44F6E132B163811812A7DAAC6077FEAEB54E0F9B14B15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240432Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:21.158{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=DC1D1F487B90716CF7922E5C4DB5C72B,SHA256=F68466B02502EE20F83A50672692345D52CF63FF29BD5A52720896D0EA407872,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240431Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:21.158{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=E614E9428876929D95ADCDD4AE46B47D,SHA256=31EEAEAEBACFFE1E00D7DFD4AB0F1176FCD7DFC2B2DA18ABC1BC4231CCC16216,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240430Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:21.152{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=FC9E97E9F0B0626BA05332EE1A8BC23C,SHA256=4899E17AC5042ADF94C9938A085CFD05A8A6BCD6E6A4FC2A1C732D68D484B58D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240429Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:21.040{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA7EA0B580E14CF10DB6F3FE52C54352,SHA256=D08E4D77191ACD11F9D71A3A4A066154729C847122DBA9987665C40251CDC586,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214210Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:22.820{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF42B3B7369978EB4CCA5D0168DB6CB6,SHA256=E5129F458FE047D9090DB07CB7E19D3159E8DB2886189BE00981E0CEA5456369,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240435Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:22.056{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F724574CBC6AB0590D74B5E0243D64FC,SHA256=33A2D367A32ABE482E3E1C1BEE59B808C12AE4E48EC81AA083A4B6689D85EA75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214212Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:23.882{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EBFE47B956BFA5D5FA2DDB5BDC082B1,SHA256=7A1594F7E68532CA88E0F59C4E206BAF4B91EEE7F69C6F29BDFD4A0745730B3A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240439Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:21.921{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56675-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000240438Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:23.437{6EDEAD03-E420-615E-0601-00000000FD01}60165236C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+1b066c|C:\Program Files\Mozilla Firefox\xul.dll+93e6a6|C:\Program Files\Mozilla Firefox\xul.dll+9391cf|C:\Program Files\Mozilla Firefox\xul.dll+1926c83|C:\Program Files\Mozilla Firefox\xul.dll+1925623|C:\Program Files\Mozilla Firefox\xul.dll+13765|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+13348|C:\Program Files\Mozilla Firefox\xul.dll+91b9c1|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000240437Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:30:23.437{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.20.100770009C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000240436Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:23.060{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=808504FC0442AA8ECBFA014F411769CC,SHA256=3991D9BAC1DBE428D1AFBF48CC9AD62CA33E42AAB4AC6B68E4BF18D12B134E11,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214211Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:20.721{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50050-false10.0.1.12-8000- 23542300x8000000000000000214213Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:24.914{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7FFBA2AA1C143F636CF2978F06005CBB,SHA256=D29030311EC5887E53FE7851476A4D7468BBCF44367403EB967CBB3263777467,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240440Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:24.077{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38B4B29462C426ACB832D2D04864B026,SHA256=9AE69EE594FD7EFEDE75E01545ACAFA25A9C61DA8752BF4CF47CA8B886CF6CC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214214Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:25.945{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64471A7A5540281C8B00CA8B41923EB4,SHA256=9486D2C50C4C66D9AC7BB1696B567C734BA5D815244719ADF3C88DCE6C007403,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240441Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:25.079{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0694D8DB1200CE3FCD238D67877EFA7A,SHA256=CAE2DAF17C141638A044C1B5667116C93306630BF3C5D330C556DD3C2C2FF647,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214215Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:26.945{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83BA7665FAECCDAB9BF8CA7745DDF669,SHA256=16D3319283C9049382CEBE26371C5E32BC63564EF68A1E84A802CD229D7113AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240443Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:26.693{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=F7286884BAA0CCCB5C3114A6CFAEE9AD,SHA256=37CF0FC608DB2D92C3E1201E6E7D4058C72DE26732CEE5CC974BD6E67354C299,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240442Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:26.083{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D5F25C06B7B65B1B19CCC9FA4B0E795,SHA256=9FF57CA52E13D66FF5F711423C25BC54959F00EB7423DC7658C13817F4C1FB34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214216Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:27.992{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C75353F671637F674B11432BF52D3C82,SHA256=FAB06AB94E8B4414F47F8AF18C683A66AD8FE2BE95FF950F7BE40B7A7F1FD2B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240444Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:27.088{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=336AC45A1C0D157B1603A34BAC7EC5D8,SHA256=D3A90882ECC5DB8E4D2E07E924F0600D9AAA0D728C03393CDE5B95FD848F942E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240446Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:26.928{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56676-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000240445Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:28.095{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=105C8412F36A5BA9D9BFE762874A3CE5,SHA256=631C6A4E1356FFB9B6AC044616AD76E0FC346A5F44C287BEFA34509C381AE61E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214217Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:25.768{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50051-false10.0.1.12-8000- 354300x8000000000000000240457Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:28.285{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54128- 354300x8000000000000000240456Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:28.283{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50586- 10341000x8000000000000000240455Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.598{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3ed70|C:\Program Files\Mozilla Firefox\xul.dll+b3e6ed|C:\Program Files\Mozilla Firefox\xul.dll+b377b4|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573|C:\Program Files\Mozilla Firefox\xul.dll+b1d776 23542300x8000000000000000240454Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.462{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\18003MD5=03071471281C0F922BA3B57CF7B343DC,SHA256=9D089EB2A862AD89CE999B0B37ACEE78C081D5ED8EB625C99F711E812C9D1FBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240453Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.456{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\30933MD5=A7AFE1E174873EA76CAF91F334C7EEAB,SHA256=E3E7233DAFB8BA1C859A1E88C9718ED4E2AB64A606DF93C064AF572868037DE4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240452Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.454{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240451Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.450{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240450Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.450{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240449Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.324{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240448Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.112{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4DB0AF68B426038DD4CF2AC12596545,SHA256=53AF8FB06EB7471BA817C3C2BEBC2F70C3EFC2EF8883EE5603D8C72CDDEF1C20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214218Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:29.023{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26FB70F29DA4EC5FDBE64A20EB983D7F,SHA256=0D2826E3FA5F3146DDEEC940B6D8971DC48CA667D6B2915B693EA79E4F341CF1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240447Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.057{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d8f0d9|C:\Program Files\Mozilla Firefox\xul.dll+d8fb3f|C:\Program Files\Mozilla Firefox\xul.dll+d7e9d1|C:\Program Files\Mozilla Firefox\xul.dll+3ea8a86|C:\Program Files\Mozilla Firefox\xul.dll+21dc6d0|C:\Program Files\Mozilla Firefox\xul.dll+911a3c|C:\Program Files\Mozilla Firefox\xul.dll+8d6c51|C:\Program Files\Mozilla Firefox\xul.dll+19876d|C:\Program Files\Mozilla Firefox\xul.dll+914c17|C:\Program Files\Mozilla Firefox\xul.dll+8df324|C:\Program Files\Mozilla Firefox\xul.dll+8e2051|C:\Program Files\Mozilla Firefox\xul.dll+8e0e2e|C:\Program Files\Mozilla Firefox\xul.dll+8e018e|C:\Program Files\Mozilla Firefox\xul.dll+8ea0a7|C:\Program Files\Mozilla Firefox\xul.dll+8302aa|C:\Program Files\Mozilla Firefox\xul.dll+7ce177|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f 23542300x8000000000000000214219Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:30.227{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFC7406B4D206F091A41D74392713783,SHA256=F38EA19EE51375B3268183A2575D78A44575091A65DCCAE702F4B685FB842A3E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240507Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.531{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52047- 354300x8000000000000000240506Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.526{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50602- 354300x8000000000000000240505Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.497{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50022- 354300x8000000000000000240504Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.484{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60259- 23542300x8000000000000000240503Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.444{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A48B470B22E0328C23595891C17A131,SHA256=B66984530B8045592940979B71897A125ECEDFAC66BA1E22C1B3A70462B87D95,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240502Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.307{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+9346c1|C:\Program Files\Mozilla Firefox\xul.dll+99921d|C:\Program Files\Mozilla Firefox\xul.dll+c9cf1|C:\Program Files\Mozilla Firefox\xul.dll+192e892|C:\Program Files\Mozilla Firefox\xul.dll+16a44c5|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d0782|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240501Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.283{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240500Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.283{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240499Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.268{6EDEAD03-E19E-615E-0B00-00000000FD01}636800C:\Windows\system32\lsass.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240498Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.268{6EDEAD03-E19E-615E-0B00-00000000FD01}636800C:\Windows\system32\lsass.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240497Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.253{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+978ae8|C:\Program Files\Mozilla Firefox\xul.dll+93bf17|C:\Program Files\Mozilla Firefox\xul.dll+986a39|C:\Program Files\Mozilla Firefox\xul.dll+d88048|C:\Program Files\Mozilla Firefox\xul.dll+193adae|C:\Program Files\Mozilla Firefox\xul.dll+192e892|C:\Program Files\Mozilla Firefox\xul.dll+1903b07|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000240496Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:30:30.253{6EDEAD03-E420-615E-0601-00000000FD01}6016\cubeb-pipe-6016-6C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000240495Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:30:30.253{6EDEAD03-E420-615E-0601-00000000FD01}6016\cubeb-pipe-6016-6C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240494Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.240{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000240493Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:30:30.238{6EDEAD03-E423-615E-0801-00000000FD01}5392\chrome.6016.22.112636241C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240492Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.238{6EDEAD03-E420-615E-0601-00000000FD01}60165236C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+1b066c|C:\Program Files\Mozilla Firefox\xul.dll+93e6a6|C:\Program Files\Mozilla Firefox\xul.dll+9391cf|C:\Program Files\Mozilla Firefox\xul.dll+1926c83|C:\Program Files\Mozilla Firefox\xul.dll+19253b7|C:\Program Files\Mozilla Firefox\xul.dll+13765|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+13348|C:\Program Files\Mozilla Firefox\xul.dll+91b9c1|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000240491Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:30:30.238{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.22.112636241C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240490Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.237{6EDEAD03-E1A0-615E-1600-00000000FD01}12801332C:\Windows\system32\svchost.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000240489Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:30:30.236{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.21.83225338C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240488Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.234{6EDEAD03-E420-615E-0601-00000000FD01}60165416C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+12e9cb|C:\Program Files\Mozilla Firefox\xul.dll+115df2d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000240487Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:30:30.234{6EDEAD03-E420-615E-0601-00000000FD01}6016\gecko-crash-server-pipe.6016C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000240486Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:28.985{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56207- 23542300x8000000000000000240485Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.149{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64AE7A3A5985718F07F3835B16B28C39,SHA256=F14C845C200C6FC4737AECAABFE9DB9B983837517466DBF9F3FA613FC3DADFB6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240484Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.132{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d8f0d9|C:\Program Files\Mozilla Firefox\xul.dll+d80d70|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240483Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.132{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240482Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.132{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240481Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.132{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240480Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.130{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240479Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.130{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240478Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.129{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240477Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.129{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240476Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.129{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240475Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.129{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240474Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.129{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240473Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.128{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240472Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.128{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240471Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.128{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240470Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.128{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240469Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.128{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+979d46|C:\Program Files\Mozilla Firefox\xul.dll+d96e88|C:\Program Files\Mozilla Firefox\xul.dll+d80a1a|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000240468Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.126{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+d80991|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240467Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.126{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+bc795|C:\Program Files\Mozilla Firefox\xul.dll+d80668|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240466Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.126{6EDEAD03-E420-615E-0601-00000000FD01}60165236C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9326bf|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+15c3436|C:\Program Files\Mozilla Firefox\xul.dll+192543c|C:\Program Files\Mozilla Firefox\xul.dll+13765|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+13348|C:\Program Files\Mozilla Firefox\xul.dll+91b9c1|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240465Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.105{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240464Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.105{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240463Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.105{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240462Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.105{6EDEAD03-E40D-615E-DD00-00000000FD01}27725988C:\Windows\system32\csrss.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240461Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.105{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240460Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.105{6EDEAD03-E420-615E-0601-00000000FD01}60165412C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+2f02d|C:\Program Files\Mozilla Firefox\firefox.exe+2e235|C:\Program Files\Mozilla Firefox\xul.dll+1efde1a|C:\Program Files\Mozilla Firefox\xul.dll+92e2ba|C:\Program Files\Mozilla Firefox\xul.dll+92c4c5|C:\Program Files\Mozilla Firefox\xul.dll+93347e|C:\Program Files\Mozilla Firefox\xul.dll+7da221|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240459Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.106{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe93.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6016.21.832253384\733986404" -childID 7 -isForBrowser -prefsHandle 5088 -prefMapHandle 2188 -prefsLen 11823 -prefMapSize 246975 -jsInit 1164 286204 -parentBuildID 20210927210923 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6016 "\\.\pipe\gecko-crash-server-pipe.6016" 1888 29069488338 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332LowMD5=988976B1058A1DAE198C93A5688142FD,SHA256=28BE8E0485DBA68F6A4B37F6A68D7AE542B0DA00925A69EA12A4E7AA3B477EC6,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000240458Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:30:30.078{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.21.83225338C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000214220Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:31.352{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B18379900A18DA20318520602E115963,SHA256=6C3D0E58031D54FBF067120CE6730B638137DA6D4D4C4A3FA8343C8EF7913F13,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000240512Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.507{6EDEAD03-E420-615E-0601-00000000FD01}6016analytics-collector-28944298.us-east-1.elb.amazonaws.com034.230.149.116;23.21.66.55;54.84.193.129;54.209.192.22;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240511Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.505{6EDEAD03-E420-615E-0601-00000000FD01}6016collector.githubapp.com0type: 5 analytics-collector-28944298.us-east-1.elb.amazonaws.com;::ffff:54.209.192.22;::ffff:34.230.149.116;::ffff:23.21.66.55;::ffff:54.84.193.129;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000240510Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:31.145{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F0D0699CD0D7FECE574C76885D93DD4,SHA256=BE6B3B8054C6643F956B7E21D1ECBEC487070F7CC2A82284817535FB3022F17D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240509Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:31.111{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0EF63F9702868B26488182064EE76C18,SHA256=DB0FFFB4745D5D3C601A4D642D0F660B41B7EEF1409F4E28CD268F108BD6E29E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240508Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:31.109{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2B253402314F29DF0E6D4C1BF1A95778,SHA256=FC56008D318C24A0EF270FA4F5E500006448DA4A16B99E520FBC680D3970ED51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214221Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:32.367{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4654A7858F22D2C8DAE5FF9E55BEF59A,SHA256=A44AE52AC5FBCB3C20A8F8044716F62872C4B073E026E8EE88990BD4A7C3DE09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240513Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:32.152{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8726D10A71C6A2FAB433C8E9C55446C1,SHA256=49B779C03DEBD708301E352A0D81CBC7B50EC15D88D10C072993D87A531222EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214222Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:33.508{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11DC01AB344DCF53DDAC4AEC0921AC94,SHA256=35D499630CC04DEDD96229FC9AA2D15D491A8C9EBF4092A1E39284D9649D120A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240516Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:33.910{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240515Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:33.910{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240514Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:33.153{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D53B46E047AFC35A374F0BDDBAD37F0,SHA256=7CD5168638A421725F207018021B8A18F1548F2248785C66998A356ACC549899,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214223Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:34.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08E69222E664EB81BE92A4A8F37741CA,SHA256=581C408B9166B6538D57958079A985664A1BF18B7CAE5644A46F6B5525C13CAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240524Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:34.635{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-walMD5=48860F9F489992EF8BE92F56495A493C,SHA256=7C97219D42E9D468227EC4CFA95BBE26FCDE4914ABCE31664A0B14590784B832,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240523Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:34.632{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=EB2398907E9FAA046D2EC40208598FB7,SHA256=D2F9AED214ABA9C09ADCE1D90C97488C0EBF23ABC94BCB8B5B6DE0682B771DDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240522Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:34.626{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++github.com\ls\data.sqlite-journalMD5=29CA6ED7F8AB34C216467B4A66EFFF97,SHA256=C0EF41CBE3C4E49E2D2551727994A4630C4220C575DE8C0D47E14BF7F559F249,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240521Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:34.614{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++github.com\ls\usageMD5=0C0D0B34923AE350984A5611E718E36E,SHA256=F4104708CB08A5952650EBE695C13673BF06244B42D88EEB77742C70236DE517,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240520Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:31.966{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56677-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000240519Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:34.158{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3DDE1F8270262AE4B64214AFAF0113A6,SHA256=186E7ACC28B321EFB255450DABB706244F78D77E4608AF330F4F4116FF77C94D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240518Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:34.100{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240517Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:34.100{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214226Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:35.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A3FE6C4BB6FDC4DC77F06D6F6705DBE,SHA256=1A0468C7F2512336AD45C8B1D3AF7B4A12DC6FB00B9E64DFF801A0B01BE3107A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240525Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:35.167{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28FBC313D92020168271CCFC9C0560F4,SHA256=D0A323A247033303FFA0FBA159DC802E7A2750DCAC44D1AA5D1B5CFCF454FC99,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214225Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:31.580{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50052-false10.0.1.12-8000- 23542300x8000000000000000214224Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:35.055{49C67628-E19D-615E-1200-00000000FE01}980NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=5EDD1496656655FB85AC4E419D8949A3,SHA256=F51D85A26728D64CB792CDE8F28A8440B5DB4B3FA2C66C3E6017A4B789FBB667,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214227Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:36.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=31ED5454569C772565972D158EB9D14E,SHA256=EB3BA052E62936C28D359CD08FF4C07C40A58C32D7B828D0DC41EAD9EA031A0E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240530Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:36.989{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240529Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:36.767{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=06ADB0144E811883BD86427627596A87,SHA256=4BE2D5F48019A564769BBC7D5D0576C86F7A3290055EFFD36507D15C63BD274E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240528Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:36.182{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C68763E87BE81A2CC74A3C09C1866161,SHA256=BED025613713A7E115640F565FF30BD0B94C2AB74F8DED50AE927096AA38E71E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240527Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:36.170{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240526Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:36.170{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214228Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:37.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E42359651115686F71C74C41AC1FD63E,SHA256=66CDA6C513537EA934D01D4FE3DE8F121AA01E9553E5480CAB54650CEAABC93A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240535Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:37.189{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75E11102ADA7D637956721F1C8117F00,SHA256=AC00E96D690709BB7B326093EFF5DDA72FF18877ADB66B41A90B50710C5A9408,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240534Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:37.129{6EDEAD03-E1A0-615E-1000-00000000FD01}372NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=8DC5836FB02C75CF1F7A520D22B7637B,SHA256=9F719894ABFAB94650A0C5A8853BF1EFC70F6A6EA938C5414FA9BAB23DBACCD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240533Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:37.024{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211007120155-027MD5=CF99E2CB113D8D2DCF43ED5FD96B633A,SHA256=1FA348E6AF774F9DE3BF8065B0725E0F0BD5741AF42D4AB3E9893B22D98D3DA4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240532Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:37.007{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240531Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:36.989{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214229Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:38.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC2FF6479931722D43C8D6DF850FD269,SHA256=4DADCC81500FAA4ABB375032175DEA8DCA0CAFFAF53D39FEC9C89F72344FAAC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240537Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:38.215{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A3043A0A37BB3E6D267F4395E4EC797,SHA256=18B4004FFF325681C1B2112BE6EBCA22B2B06C2A0B1F7F89B06F5768C2B395E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240536Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:38.021{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211007120153-028MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214230Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:39.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE8624278AA5F05870F35C8C90652341,SHA256=52BA91FDCE96028976DE3BFDFAFA772A16CF7CAB74E39A76150CD3C2A0E0BAD2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240539Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:37.092{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56678-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000240538Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:39.225{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=504EC0900B81ADE8DFC3693B25DB5134,SHA256=E97B8FD172E92A890E8143C542419F830E14661BF14A3C5F33373CA3EE29B8A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214232Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:40.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13E6771335F988977F5CE2633A0FE549,SHA256=7FE5C2247169416692AE4F6F2AA881A8CC3A1AAABDCBEE97424F93CB27E4A8A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240541Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:40.682{6EDEAD03-E1B0-615E-2800-00000000FD01}2904NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240540Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:40.229{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4902D3AD8FD8F3D2F0D8D662632CFB69,SHA256=27BC77C4956164A7A6A9E985BF009E13027143658D29511D0DD6655A5C620832,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214231Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:36.658{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50053-false10.0.1.12-8000- 23542300x8000000000000000214233Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:41.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F972231FA87B5C7B353B91C5D7B31E5F,SHA256=F9F4E9F979B832BCC967DE13585D4532D2EDA04837A0DE7EE415698E1F24496B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240542Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:41.235{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=374A2F46474DBC832A3A6308FACB7EF8,SHA256=D6684C9298F4191161E9CEFB96BB15E0410D477C393D9964E66AFB5C39C9787A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214234Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:42.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16651D17B1E30A6E78912009624506BD,SHA256=3BC8F1403B9C0A3D00609F49D636D50B51F5A12E67C012A2C4D6DD7A6D28FCE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240548Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:42.585{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=AF2F9A99686EA9A5AEF749F8DF07DDE0,SHA256=E591D5776B05B1A7B5917668032C848E9D599D983845114D6950F884276B56E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240547Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:42.585{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=D3B48A9C463814AF28962BE906EB4630,SHA256=95F9A4539DF60144C65F25BF0BB4AC80E7D7B9C88F2A03612E0DAE614B7C0CBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240546Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:42.585{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=9BB4C755C54C9A0C9DFFEEA6650207DE,SHA256=B2B0A0B52BB66F44D22D530519689D6FFB04D1C992EA5E9C57A48E57A559D65F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240545Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:42.585{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=DC1BEFC74DCE3FAFFA066FDB5D967FDE,SHA256=7E3C05704D2B65C0F519B7E0E9D39FC4513EF7177E85DC2CD101225F9FC7FE90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240544Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:42.585{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=6835BEBF285BA10AD0C1E566CA3460BC,SHA256=2DE32A20B7CA76698B47110DE7C2A270BFD986D52B2CE7E12F38564FA03ACA51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240543Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:42.237{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21CF91D240A5C8EC7991043DBA25D8B7,SHA256=2850FB2B13B0D2D12D87D77EBF11A61D151C4E82CFD64A3D71EC3F34939E45D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214235Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:43.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD52415EFC231BF646D1DF2E760E1666,SHA256=890BD97CFCFFF1BEC511C9EADD4B4A2D91A7416B3B0BD57967EF4AD8811FE45B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240550Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:40.571{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56679-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000240549Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:43.254{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C933FE8DA41FC6B9EC047D93FB81893,SHA256=364ABDA2689DCD423BFFEE7EF125EE140E8A5C05162C42C6B0734F9D913D6298,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214236Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:44.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7397E0A769F826D6850FFD4C613E83DF,SHA256=8DAA4D038093AEFE33745362AF4F8C6E03729A92BB02324FB1141C7DC5414D69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240551Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:44.269{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2141F5046B7FDA159174945CB39FF38,SHA256=1B816BB9FFB9B9BBD3B3C358ABB051414FDD2E57A4B280DC263C7390C36C3EEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214239Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:45.930{49C67628-E19D-615E-1D00-00000000FE01}1960NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214238Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:41.815{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50054-false10.0.1.12-8000- 23542300x8000000000000000214237Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:45.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FE780BE9EDC490046E06D1CC0494E30,SHA256=8B40BB7058348928DF2A95EC2CBEAD1D46B30657E22E233FAD8DDE506D5FDCDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240553Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:45.284{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5637DCDB370D5E7F7777EA165CCD2285,SHA256=6D582A478AB3E09D73EBC9CAAED59911ED6F8754611F4577260B075C498D0E5A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240552Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:43.090{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56680-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000240558Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:46.442{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+addabe|C:\Program Files\Mozilla Firefox\xul.dll+ebeec2|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39 10341000x8000000000000000240557Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:46.442{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+ebee38|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 10341000x8000000000000000240556Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:46.354{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240555Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:46.354{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+ebf0b9|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 23542300x8000000000000000240554Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:46.285{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD7ABA5942A0AC7E77598D11067D08D7,SHA256=E92CB487799BD8A24A14AC093B851D85D5F6DECC5F1941C1AD1F8B9130464596,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214240Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:46.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A51268DEC06555109DB31071D1252EDC,SHA256=AED14C31E717FE25F9027244F5A03B0CC918135C715192ABBAC4C95C4F0DB058,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214255Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:44.487{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50055-false10.0.1.12-8089- 23542300x8000000000000000214254Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=703098796E9F65E7D2FACC9D26E34385,SHA256=5435A2B73CAD8ACC872A266E4C368C3FD25948BD49F281AF6FA3606C7103CDF9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240565Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.998{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240564Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.994{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 10341000x8000000000000000240563Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.994{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 23542300x8000000000000000240562Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.974{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\159MD5=6957C2F34EE46CA983E0090DF8FBE411,SHA256=3B0CB1E8036831146AD738F7413E31424F5EAF2F3B27E30453A3447B49480571,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240561Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.677{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240560Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.620{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240559Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.291{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5D071D4C76CA95987E3B598587E26B5,SHA256=7F00E52FA7D2C1FCDD5302B3194B67E8E2CACF9F9D88D934DA6BF6AFB8E9F06D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214253Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E877-615E-5D01-00000000FE01}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214252Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214251Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214250Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214249Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214248Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214247Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214246Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214245Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214244Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214243Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E877-615E-5D01-00000000FE01}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214242Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E877-615E-5D01-00000000FE01}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214241Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E877-615E-5D01-00000000FE01}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214272Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:48.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A0A52AF858EB19979FEB092B07DD50F,SHA256=D62704E5EAC48491587775958EF44011E85DE63239C8EA09204BBD32F1F069F2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240585Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.988{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240584Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.940{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000240583Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.614{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local50727-false142.250.185.238fra16s53-in-f14.1e100.net443https 354300x8000000000000000240582Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.614{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59863- 354300x8000000000000000240581Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.602{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50726- 10341000x8000000000000000240580Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.912{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240579Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.912{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000240578Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.532{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51693- 354300x8000000000000000240577Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.528{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local49853-false142.250.186.131fra24s07-in-f3.1e100.net443https 10341000x8000000000000000240576Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.601{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240575Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.502{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=852AE1A6EF77825D68BFFB3548E81128,SHA256=E299AFDFBE57B305E28985984B98D96DB1ECC27BC31EBD78859FF32745A1AFD9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240574Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.431{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240573Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.399{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240572Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.392{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240571Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.392{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000240570Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.632{6EDEAD03-E420-615E-0601-00000000FD01}6016plus.l.google.com02a00:1450:4001:813::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240569Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.622{6EDEAD03-E420-615E-0601-00000000FD01}6016plus.l.google.com0142.250.185.238;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240568Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.621{6EDEAD03-E420-615E-0601-00000000FD01}6016apis.google.com0type: 5 plus.l.google.com;::ffff:142.250.185.238;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000240567Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.308{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C80893269CBAD72740BA5B14DF45C3D,SHA256=BED808D2493AA810522322EA9581B25D394C4682A83EF0ACB71AB55FCA475A50,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214271Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:48.602{49C67628-E878-615E-5E01-00000000FE01}13721948C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214270Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:48.446{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E878-615E-5E01-00000000FE01}1372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214269Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:48.446{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214268Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:48.446{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214267Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:48.446{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214266Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:48.446{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214265Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:48.446{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214264Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:48.446{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214263Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:48.446{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214262Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:48.446{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214261Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:48.446{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214260Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:48.446{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E878-615E-5E01-00000000FE01}1372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214259Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:48.446{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E878-615E-5E01-00000000FE01}1372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214258Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:48.446{49C67628-E878-615E-5E01-00000000FE01}1372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214257Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:48.383{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A8CC1129CFFADD487D5909A23A1AD0D0,SHA256=B98C4656889C7272EE627816ECB82A08A477C77CF5DECC226F7346A7E0F645B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214256Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:48.383{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=93D702A63262B63AFCE8FC8EB41602AB,SHA256=E364A94D9746E0F3887EC0B4D802092D3593FBBC972CA54433507063545CC893,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240566Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.014{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 23542300x8000000000000000214287Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:49.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E0EA640F22BD9C6430E3F941BDF21BE,SHA256=0936F1749A6286986796BFCC48547B2A7C52A3D33A33E06B6171E8540221BF05,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240597Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.824{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56681-false216.58.212.131ams15s21-in-f131.1e100.net443https 354300x8000000000000000240596Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.820{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61243- 23542300x8000000000000000240595Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:49.689{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\17005MD5=2255C8FCDCC9298A4FDAB11804F9B4E3,SHA256=8D3406EF0414D369B15DEF54AF94720EDB1BC6976E6AF9CA49FBD5AFBF14CBE6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240594Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.484{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60444- 23542300x8000000000000000240593Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:49.322{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=362BAFC7C91B6101637957FC3CC4A7D0,SHA256=7A637025E1C2CF2265A2AF2EECA1FBD4D8CA84391398493129029F103B68D622,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214286Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:49.493{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A8CC1129CFFADD487D5909A23A1AD0D0,SHA256=B98C4656889C7272EE627816ECB82A08A477C77CF5DECC226F7346A7E0F645B8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214285Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:49.118{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E879-615E-5F01-00000000FE01}3208C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214284Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:49.118{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214283Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:49.118{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214282Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:49.118{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214281Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:49.118{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214280Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:49.118{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214279Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:49.118{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214278Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:49.118{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214277Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:49.118{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214276Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:49.118{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214275Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:49.118{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E879-615E-5F01-00000000FE01}3208C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214274Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:49.118{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E879-615E-5F01-00000000FE01}3208C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214273Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:49.118{49C67628-E879-615E-5F01-00000000FE01}3208C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000240592Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.059{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53083- 354300x8000000000000000240591Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.058{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60690- 354300x8000000000000000240590Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.952{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59087- 354300x8000000000000000240589Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.901{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57536- 354300x8000000000000000240588Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.898{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52531- 10341000x8000000000000000240587Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:49.035{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 10341000x8000000000000000240586Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:49.035{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 23542300x8000000000000000214288Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:50.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E64CDBB88C5B68556B03A971015A03E9,SHA256=F4E2A1E4AB6F4F4B72B56F01616B6025E7961AB9D68540FD91363CF4FEDA71A6,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000240602Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.838{6EDEAD03-E420-615E-0601-00000000FD01}6016id.google.com02a00:1450:4001:827::2003;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240601Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.832{6EDEAD03-E420-615E-0601-00000000FD01}6016id.google.com0216.58.212.131;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240600Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.831{6EDEAD03-E420-615E-0601-00000000FD01}6016id.google.com0::ffff:216.58.212.131;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240599Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.499{6EDEAD03-E420-615E-0601-00000000FD01}6016gstaticadssl.l.google.com02a00:1450:4001:831::2003;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000240598Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:50.324{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B308AEDB670476DFC2DB9ED86E5C3B4C,SHA256=16DB91BC73D3E6EEF3BA2EC56E9F3B26F06C2DD16A58D1F8082DB6D718877B54,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214318Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.899{49C67628-E87B-615E-6101-00000000FE01}36963764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214317Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.727{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E87B-615E-6101-00000000FE01}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214316Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.727{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214315Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.727{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214314Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.727{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214313Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.727{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214312Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.727{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214311Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.727{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214310Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.727{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214309Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.727{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214308Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.727{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214307Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.727{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E87B-615E-6101-00000000FE01}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214306Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.727{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E87B-615E-6101-00000000FE01}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214305Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.729{49C67628-E87B-615E-6101-00000000FE01}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214304Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3695AA390101D6FC4D7DA4258F7474A0,SHA256=CC2B13ADB0F0E742F7F44201BB84A87B9C426D9E54F5E6DC24E914A1250633C0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240612Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.974{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240611Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.974{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 10341000x8000000000000000240610Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.974{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240609Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.971{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240608Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.916{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240607Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.913{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240606Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.913{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240605Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.330{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F865BAC970907B0E10829E468A1115EA,SHA256=ECAAB6234D2BDE387C55073027F389A136CDB459055D28FA809749AC236E608B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214303Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.258{49C67628-E87B-615E-6001-00000000FE01}17042584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214302Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.102{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E87B-615E-6001-00000000FE01}1704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214301Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.102{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214300Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.102{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214299Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.102{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214298Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.102{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214297Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.102{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214296Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.102{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214295Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.102{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214294Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.102{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214293Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.102{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214292Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.102{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E87B-615E-6001-00000000FE01}1704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214291Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.102{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E87B-615E-6001-00000000FE01}1704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214290Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:51.103{49C67628-E87B-615E-6001-00000000FE01}1704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000214289Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.737{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50056-false10.0.1.12-8000- 23542300x8000000000000000240604Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.218{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=E8445ECD85EED90536CB41CDB4EFD382,SHA256=787B2BED9A2B8E54D8DC086FF3B4D721ECF3B1CB664756C577A1EFFF98CD6FFD,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240603Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:49.007{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56682-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000214334Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:52.712{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6182B7324B26A74157BEB4AB5F30C7D0,SHA256=4FA6C1B90DF432BE63352654C94C898B2B206134F7871602CBDCDF208AB08691,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240694Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.969{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=D9A5C04DC3CEE220351ACD75E454F4FD,SHA256=C80CBBBF48F8C7D1EB7B3B3CB1788C93BD8648C577FA67F003B3A4C5B22248B8,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240693Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.825{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50435- 354300x8000000000000000240692Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.683{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56700-false104.75.88.44a104-75-88-44.deploy.static.akamaitechnologies.com443https 354300x8000000000000000240691Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.682{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56699-false104.75.88.44a104-75-88-44.deploy.static.akamaitechnologies.com443https 354300x8000000000000000240690Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.682{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56697-false104.75.88.44a104-75-88-44.deploy.static.akamaitechnologies.com443https 354300x8000000000000000240689Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.682{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56698-false104.75.88.44a104-75-88-44.deploy.static.akamaitechnologies.com443https 354300x8000000000000000240688Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.682{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56696-false104.75.88.44a104-75-88-44.deploy.static.akamaitechnologies.com443https 354300x8000000000000000240687Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.682{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56695-false104.75.88.44a104-75-88-44.deploy.static.akamaitechnologies.com443https 354300x8000000000000000240686Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.682{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56693-false104.75.88.44a104-75-88-44.deploy.static.akamaitechnologies.com443https 354300x8000000000000000240685Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.681{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56694-false104.75.88.44a104-75-88-44.deploy.static.akamaitechnologies.com443https 354300x8000000000000000240684Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.681{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56692-false104.75.88.44a104-75-88-44.deploy.static.akamaitechnologies.com443https 354300x8000000000000000240683Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.643{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local65500-false104.16.18.94-443https 354300x8000000000000000240682Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.636{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local65499-false216.58.212.138ams15s21-in-f138.1e100.net443https 23542300x8000000000000000240681Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.877{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-walMD5=9913C7CADB36FA3D73842F0476F74E73,SHA256=42C4A248681D4E7E1E31CE68BEB63001DCBB79306C7D759BC4CE6BB49354BF6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240680Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.877{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=07345F1B0637B81AB6FD694735FBA2EB,SHA256=45FD4816A8B33710D9AB5FE2E7B67DB2B351ADD7B7D28229243E727B5E71EF9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240679Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.871{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++www.google.com\ls\data.sqlite-journalMD5=6CC0152F8D2F263C31E170E81EB4EE96,SHA256=48C8A78CD1397391C1513D7E05497773F5D65E53FDA2006333E16270BC1B1B43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240678Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.859{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++www.google.com\ls\usageMD5=71F100DF238DB0E9A17A1C467E978B03,SHA256=BAF81D3E5D71ECF810BD4EA9ACD442B1ACFF3C658A258595AE530E6B65757F18,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240677Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.592{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56691-false69.16.175.10tlb.hwcdn.net443https 354300x8000000000000000240676Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.542{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56690-false104.18.22.52-443https 354300x8000000000000000240675Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.533{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58467- 354300x8000000000000000240674Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.527{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56182- 354300x8000000000000000240673Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.526{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59285- 354300x8000000000000000240672Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.524{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51097- 354300x8000000000000000240671Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.523{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56689-false104.16.18.94-443https 354300x8000000000000000240670Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.523{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56688-false104.16.18.94-443https 354300x8000000000000000240669Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.523{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56686-false104.16.18.94-443https 354300x8000000000000000240668Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.520{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52485- 354300x8000000000000000240667Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.519{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56462- 354300x8000000000000000240666Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.519{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56687-false104.16.18.94-443https 354300x8000000000000000240665Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.518{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56684-false216.58.212.138ams15s21-in-f138.1e100.net443https 354300x8000000000000000240664Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.518{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52560- 354300x8000000000000000240663Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.518{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56685-false216.58.212.138ams15s21-in-f138.1e100.net443https 354300x8000000000000000240662Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.517{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51970- 354300x8000000000000000240661Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.516{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55057- 354300x8000000000000000240660Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.514{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52757- 354300x8000000000000000240659Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.269{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58555- 354300x8000000000000000240658Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.269{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60421- 354300x8000000000000000240657Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.267{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59210- 354300x8000000000000000240656Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.243{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56683-false46.101.121.244-443https 354300x8000000000000000240655Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.220{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58731- 23542300x8000000000000000240654Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.437{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6301BE680B495946FB90FB11E04D0F83,SHA256=3FECCB235D41A19998979F9FBDBC561AFF2742B28837E43B949E993A507058CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240653Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.367{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\9170MD5=7BB3722A29233925AB4DD637278E7859,SHA256=29244FB6D47D7AE7F30037FFE0CE1AA47F53269FDF3698B3E8D09BB84B9184FE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240652Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.331{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240651Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.330{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214333Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:52.524{49C67628-E87C-615E-6201-00000000FE01}34522864C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214332Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:52.352{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E87C-615E-6201-00000000FE01}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214331Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:52.352{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214330Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:52.352{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214329Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:52.352{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214328Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:52.352{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214327Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:52.352{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214326Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:52.352{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214325Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:52.352{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214324Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:52.352{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214323Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:52.352{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214322Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:52.352{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E87C-615E-6201-00000000FE01}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214321Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:52.352{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E87C-615E-6201-00000000FE01}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214320Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:52.353{49C67628-E87C-615E-6201-00000000FE01}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214319Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:52.212{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4368BCF21C2AB4A1E411906FB62F89F4,SHA256=8AC1467876CA064B02326810909505B5512B98D67D029D41538017C4041B9143,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240650Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.329{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240649Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.329{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240648Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.327{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240647Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.327{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240646Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.255{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240645Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.255{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240644Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.254{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240643Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.254{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000240642Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.840{6EDEAD03-E420-615E-0601-00000000FD01}6016ka-f.fontawesome.com.cdn.cloudflare.net02606:4700:3030::6815:5183;2606:4700:3037::ac43:a12f;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240641Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.834{6EDEAD03-E420-615E-0601-00000000FD01}6016ka-f.fontawesome.com.cdn.cloudflare.net0104.21.81.131;172.67.161.47;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240640Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.552{6EDEAD03-E420-615E-0601-00000000FD01}6016cds.s5x3j6q5.hwcdn.net02001:4de0:ac18::1:a:1a;2001:4de0:ac18::1:a:3a;2001:4de0:ac18::1:a:3b;2001:4de0:ac18::1:a:1b;2001:4de0:ac18::1:a:2b;2001:4de0:ac18::1:a:2a;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240639Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.548{6EDEAD03-E420-615E-0601-00000000FD01}6016cds.s5x3j6q5.hwcdn.net069.16.175.42;69.16.175.10;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240638Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.547{6EDEAD03-E420-615E-0601-00000000FD01}6016code.jquery.com0type: 5 cds.s5x3j6q5.hwcdn.net;::ffff:69.16.175.10;::ffff:69.16.175.42;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240637Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.544{6EDEAD03-E420-615E-0601-00000000FD01}6016e1315.dsca.akamaiedge.net02a02:26f0:1700:781::523;2a02:26f0:1700:790::523;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240636Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.535{6EDEAD03-E420-615E-0601-00000000FD01}6016res-4.cloudinary.com0type: 5 ion.cloudinary.com.edgekey.net;type: 5 e1315.dsca.akamaiedge.net;::ffff:104.75.88.44;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240635Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.535{6EDEAD03-E420-615E-0601-00000000FD01}6016e1315.dsca.akamaiedge.net0104.75.88.44;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240634Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.535{6EDEAD03-E420-615E-0601-00000000FD01}6016kit.fontawesome.com.cdn.cloudflare.net02606:4700::6812:1734;2606:4700::6812:1634;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240633Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.532{6EDEAD03-E420-615E-0601-00000000FD01}6016res-3.cloudinary.com0type: 5 ion.cloudinary.com.edgekey.net;type: 5 e1315.dsca.akamaiedge.net;::ffff:104.75.88.44;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240632Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.532{6EDEAD03-E420-615E-0601-00000000FD01}6016res-1.cloudinary.com0type: 5 ion.cloudinary.com.edgekey.net;type: 5 e1315.dsca.akamaiedge.net;::ffff:104.75.88.44;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240631Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.532{6EDEAD03-E420-615E-0601-00000000FD01}6016res-2.cloudinary.com0type: 5 ion.cloudinary.com.edgekey.net;type: 5 e1315.dsca.akamaiedge.net;::ffff:104.75.88.44;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240630Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.528{6EDEAD03-E420-615E-0601-00000000FD01}6016kit.fontawesome.com.cdn.cloudflare.net0104.18.23.52;104.18.22.52;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240629Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.278{6EDEAD03-E420-615E-0601-00000000FD01}6016a1887.dscq.akamai.net02.22.118.162;2.22.117.227;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240628Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.277{6EDEAD03-E420-615E-0601-00000000FD01}6016r3.o.lencr.org0type: 5 o.lencr.edgesuite.net;type: 5 a1887.dscq.akamai.net;::ffff:2.22.117.227;::ffff:2.22.118.162;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240627Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.261{6EDEAD03-E420-615E-0601-00000000FD01}6016blog-xpnsec-com.netlify.com02a03:b0c0:3:d0::143f:d001;2a05:d014:275:cb00:ec0d:12e2:df27:aa60;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240626Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.250{6EDEAD03-E420-615E-0601-00000000FD01}6016blog-xpnsec-com.netlify.com03.67.234.155;46.101.121.244;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240625Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.249{6EDEAD03-E420-615E-0601-00000000FD01}6016blog.xpnsec.com0type: 5 blog-xpnsec-com.netlify.com;::ffff:46.101.121.244;::ffff:3.67.234.155;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240624Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.194{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240623Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.194{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240622Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.191{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240621Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.182{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240620Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.112{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240619Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.112{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240618Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.088{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240617Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.088{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240616Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.085{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240615Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.085{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240614Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.013{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240613Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.013{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214349Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:53.712{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0E5D5ECCD4E0C9733053E8F198523D1,SHA256=F5A4DA0BB9B17442D5B31CC1160E2CE4C0EE87DBF38E86E780C9E3C107F24647,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240710Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:53.578{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240709Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:53.469{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52B0275C87B1BFB15EFCD3CD74ABC1E2,SHA256=7EEF42EEC306ECF2E429E92CB2299A2F8D55BB5D7FE020D61F684F7D69950DB4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240708Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:53.414{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214348Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:53.383{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4B00CF9A51294988E21929C8FA6E5A1D,SHA256=3C7994A0AFB5FAF8FAE5D58ECF409BB46C58B78567D060AAC8A1733BB2BAFCA4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214347Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:53.352{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E87D-615E-6301-00000000FE01}3948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214346Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:53.352{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214345Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:53.352{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214344Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:53.352{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214343Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:53.352{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214342Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:53.352{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214341Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:53.352{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214340Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:53.352{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214339Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:53.352{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214338Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:53.352{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214337Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:53.352{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E87D-615E-6301-00000000FE01}3948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214336Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:53.352{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E87D-615E-6301-00000000FE01}3948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214335Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:53.353{49C67628-E87D-615E-6301-00000000FE01}3948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000240707Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:53.278{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000240706Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.090{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49942- 354300x8000000000000000240705Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.090{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local65502- 354300x8000000000000000240704Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.089{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60731- 354300x8000000000000000240703Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.088{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50936- 354300x8000000000000000240702Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.990{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local50437-false172.67.161.47-443https 354300x8000000000000000240701Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.874{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56707-false142.250.186.99fra24s06-in-f3.1e100.net443https 354300x8000000000000000240700Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.874{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56705-false142.250.186.99fra24s06-in-f3.1e100.net443https 354300x8000000000000000240699Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.873{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56706-false142.250.186.99fra24s06-in-f3.1e100.net443https 354300x8000000000000000240698Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.873{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56703-false172.67.161.47-443https 354300x8000000000000000240697Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.872{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56704-false172.67.161.47-443https 354300x8000000000000000240696Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.872{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56702-false172.67.161.47-443https 354300x8000000000000000240695Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:51.860{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56701-false142.250.186.99fra24s06-in-f3.1e100.net443https 23542300x8000000000000000214350Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:54.712{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80CCCA2C6051A5BC283133A0ED1A79D4,SHA256=F8E44B16221A653DE5FE0DF9AEA8C5A2E6232343184046016A5A7DFA11D26CBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240713Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:54.444{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F964F873C3433F15D3E861F9E4A7998,SHA256=B5DBC8AF9EFF0466EE828828F13842324A1BEF9445A64B193AC0AFE6812C489B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240712Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.151{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56708-false142.250.186.78fra24s05-in-f14.1e100.net443https 354300x8000000000000000240711Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:52.117{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-65502- 23542300x8000000000000000214351Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:55.727{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA83423BC6FBAE15B1409A599E48B2E0,SHA256=E832C7CF7AA9D218A801E5A9C5F1A3186B643A774A6A81B4DD5F4E84C829568E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240717Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:55.816{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240716Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:55.720{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240715Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:55.625{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240714Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:55.449{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A54F5B223C2193DAA4C016682D69DEB8,SHA256=09A32F9A34F5BB0D6F8CD49268763818C9092A718450E2874FB3EC601E7CBFB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214353Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:56.868{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=62AC8B2E43F6BB55BC5D8C9D7736E358,SHA256=EB555E59F36F20252FD12D0145BE1AD49C4FE831D9A5EC7BAB01EBD3AFE5AA46,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240719Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:54.136{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56709-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000240718Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:56.456{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DF33124E49655856BA4305148F22EC9,SHA256=89AEA5C3045EDCD0FCF43059536A551C6A33B19DDA3477F732B731AA0FB684A0,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214352Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:52.737{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50057-false10.0.1.12-8000- 23542300x8000000000000000214354Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:57.899{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C060A13B1545E12C164462FEADB66FF2,SHA256=19C3E1D4C26ED51E44AC8A8B229A577ED3F680810173C659EC5F898E08149FF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240720Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:57.461{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68AE442215A9129959F7393AE8A01BC4,SHA256=5815B4D0B50A7801EF1C1F8E4A5D967DB4E1CC8C74F6A0E25B6BD6B132A681D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240721Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:58.492{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2540BD37C1A277D4D576CF43B5F4569,SHA256=29B01AE9A9BD5BF966101A1881FD8F98FFD747BEB89CE68B15EA111F16E60B89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240722Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:59.500{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F42CCD5B15C5187A7487E5D18FC3FD49,SHA256=90E6ACB954A40414C585E6A8CE67B5C444F1307B768FB2191998D83124E14155,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214355Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:59.134{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19D17D364F5CA7FA18CF11081F53CD8B,SHA256=40634D12CB56D62DE631A30946598A6CA7B721B4E07AD84F9BE3934718162A4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240723Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:00.505{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5CB53C1FB1991FBCD66A70F036456BD4,SHA256=52FA3DD80B13A926F9131D0D4C4F495476EDC28650EABAB9B4919F16059DBF15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214356Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:00.149{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4301F62B6D90F4554615375D2E5A395D,SHA256=DE5E2D5FA7EA0A3F63B746660A44191D0C15965437E913120C3818F2E62354FA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240725Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:59.144{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56710-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000240724Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:01.515{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5E84EE9AD459FBEAE9D3B5DEBEF4520,SHA256=108C29AE0A3087F8D97DFFDBC6C253D96841B5A4722AC7CF30AE2D3AC6CB3270,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214358Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:58.706{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50058-false10.0.1.12-8000- 23542300x8000000000000000214357Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:01.181{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=43D3536343E237894A92CEA02CEDDE53,SHA256=D2CADB368727070F91E9381028974EBC48FF1AA30B4807F7AEA0C0972B7EF8F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240726Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:02.520{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8C39A780AEE7A5E4D4692150A8DCEB3,SHA256=96528A44E713B00B7F3630217C0419EDA6862C4DFA528D13A95056044135C510,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214359Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:02.196{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4216A7687EE1066919A3C4E6F7C36EEE,SHA256=7C975CC7BD751B4A76EC862462E48CC456A71B2970993B66C34555369849D475,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240727Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:03.530{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=069B194E29D7155102E221601532B167,SHA256=B89E5200A6E0EF6A442D788697F31B3C24393194565EB142182380FE400BDEA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214360Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:03.228{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84BD0093786D70E50D0F4D2EB71EDA3C,SHA256=D8611BC8CC82E7A0EAB3D4AEAD07A4F0F797D4720FB535AE3FB0528159BE4B2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214361Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:04.259{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0EF9A76ECCE429782A89918859FEAEB,SHA256=ADF85B44894B9AA81F684F9ADFF1563E5DAB23B1A861722614CDCDF63FA5AEA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240728Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:04.534{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9D7709AD459E4E00A96E49422E5FC20,SHA256=F061AF2B8FE5B214251C6F1E60CD22FBC90E97BB3845B5D7073B301167ACCD3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240729Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:05.544{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C803798090903C52ABA885AD8F5AF861,SHA256=9F5F3B5A8264BCCC4C9FBD3D53DBF1E36F81A52708EC2D708537F80D52F292F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214362Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:05.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D4ADFBF4B53485D13E98CF8B777EDAB9,SHA256=52A856FAEC84EF70C36A7F29576396723EAE866BA4BF3C9EC407E2899108532F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240747Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:06.965{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E88A-615E-AF01-00000000FD01}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240746Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:06.962{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240745Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:06.962{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240744Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:06.962{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240743Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:06.962{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240742Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:06.962{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E88A-615E-AF01-00000000FD01}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240741Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:06.962{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E88A-615E-AF01-00000000FD01}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240740Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:06.963{6EDEAD03-E88A-615E-AF01-00000000FD01}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000240739Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:06.559{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=433DD381214B49A8A6EFBC77B3862F40,SHA256=F3096EF8E4F5B2F9AE9F61508E2FCC4DD2E90E3B98151A7DA5E1A0C959BF8C86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214363Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:06.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F6D04AB7031727C7C67CBAF339AAE2E,SHA256=C434FFA8F5B1C8F4558EBFCF6CB4088253F46568A00547158D90D3BB5462CCDB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240738Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:05.139{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56711-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000240737Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:06.431{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E88A-615E-AE01-00000000FD01}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240736Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:06.428{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240735Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:06.428{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240734Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:06.428{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240733Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:06.428{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240732Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:06.428{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E88A-615E-AE01-00000000FD01}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240731Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:06.428{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E88A-615E-AE01-00000000FD01}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240730Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:06.429{6EDEAD03-E88A-615E-AE01-00000000FD01}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000240759Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:07.624{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E88B-615E-B001-00000000FD01}3784C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240758Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:07.621{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240757Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:07.621{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240756Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:07.621{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240755Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:07.621{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240754Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:07.621{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E88B-615E-B001-00000000FD01}3784C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240753Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:07.621{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E88B-615E-B001-00000000FD01}3784C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240752Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:07.622{6EDEAD03-E88B-615E-B001-00000000FD01}3784C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000240751Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:07.566{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C92042419564586FC474A173EDB33092,SHA256=EE56242E7528F40C2E861E562AF36CF97AE85A20E828CB3134DCCB4B64300698,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214365Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:04.597{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50059-false10.0.1.12-8000- 23542300x8000000000000000214364Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:07.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=137B02319354FC04FB0618728BDC314E,SHA256=249F5D7AE177680890FFF98C58AC00320EFB2D8D7245ABC02DFC6B6AB4ABAB5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240750Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:07.448{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=15B6D13DEFF25073BB0CF1C4B7C4DEDA,SHA256=6BF9C54C7B33F8C15752E393AF7B567833022D8B38878EA1D6DE0A5773176546,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240749Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:07.439{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0EF63F9702868B26488182064EE76C18,SHA256=DB0FFFB4745D5D3C601A4D642D0F660B41B7EEF1409F4E28CD268F108BD6E29E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240748Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:07.195{6EDEAD03-E88A-615E-AF01-00000000FD01}45166744C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240763Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:08.631{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=15B6D13DEFF25073BB0CF1C4B7C4DEDA,SHA256=6BF9C54C7B33F8C15752E393AF7B567833022D8B38878EA1D6DE0A5773176546,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240762Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:08.579{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8CCEF2715C82E605BE595BBD780B3B04,SHA256=D6CB3D3DC2B024A6D88C0BFF0EFD42520A7501D15B6BBB65B2E988278CE0AFEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214366Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:08.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C24050DAD5D626A537F9CFC423C2428E,SHA256=F58BF3C3D8A566400F0BCCF7A91523879359A6DE53218B8C93FC7A92157550FB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240761Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:06.638{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56712-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000240760Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:06.638{6EDEAD03-E1B1-615E-2B00-00000000FD01}2968C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56712-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 10341000x8000000000000000240773Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:09.766{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E88D-615E-B101-00000000FD01}4312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240772Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:09.763{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240771Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:09.763{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240770Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:09.763{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E88D-615E-B101-00000000FD01}4312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240769Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:09.763{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240768Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:09.763{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240767Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:09.763{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E88D-615E-B101-00000000FD01}4312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240766Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:09.764{6EDEAD03-E88D-615E-B101-00000000FD01}4312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000240765Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:09.645{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921424C:\Windows\system32\svchost.exe{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240764Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:09.587{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C930FB129F302186C26213CA40972D2,SHA256=82AC6333E22378FBE5A6BFC1B542617E556828C9A90E041B136908F2895A1785,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214367Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:09.400{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8CEBF0E033D73AC3714F67D708B7696C,SHA256=A74328316DF779D27CA2C02651D66F9CFA054EF4286AA3F88B42046EE0329944,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240784Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:10.920{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E88E-615E-B201-00000000FD01}3672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240783Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:10.917{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240782Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:10.917{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240781Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:10.917{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240780Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:10.917{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240779Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:10.917{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E88E-615E-B201-00000000FD01}3672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240778Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:10.917{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E88E-615E-B201-00000000FD01}3672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240777Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:10.918{6EDEAD03-E88E-615E-B201-00000000FD01}3672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000240776Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:10.765{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C9F3D740E951564B3E5A62985F9AC99F,SHA256=C5BAD966BAFE0D93296A3D230D40F8B0063150F000D35666F8F2CDAB38DD7758,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240775Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:10.604{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F96A63B1097AE0A8C42BD6099232C5DE,SHA256=854418C71966DF0A802BC5BB70E48226921F7992DF83D1274BD804B3F34E3140,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214368Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:10.400{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E18864340A6DA442B66FED2C18A071E,SHA256=6FEAAF35E23CD645EB98B94A0A725F1C661BB771EB6853C41103D2AA0359506A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240774Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:10.020{6EDEAD03-E88D-615E-B101-00000000FD01}43126148C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240796Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:11.921{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B90364E27CAC9D2FCFF00BD444207B69,SHA256=D82DCD9D1F0C1C1B018943628C618F915E52DA497F97B96F35393BCF8EABE70B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240795Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:11.856{6EDEAD03-E88F-615E-B301-00000000FD01}65564124C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240794Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:11.633{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D919EFCA6D6DBC274C25E630384DD37F,SHA256=B29889638367D3C440BC36E9DF1D15D46B2A0BECEC1E0ECE041244FCC8050CFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214369Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:11.540{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3E898AECA8E1A7675166F9CEC10E14D,SHA256=CE2ADC692CE11E5FA796729493C0A644B3BBE30554B84F6F649231E6977D235F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240793Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:11.597{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E88F-615E-B301-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240792Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:11.594{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240791Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:11.594{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240790Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:11.594{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240789Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:11.594{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240788Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:11.594{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E88F-615E-B301-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240787Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:11.594{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E88F-615E-B301-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240786Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:11.594{6EDEAD03-E88F-615E-B301-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000240785Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:11.084{6EDEAD03-E88E-615E-B201-00000000FD01}36726524C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000214371Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:09.675{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50060-false10.0.1.12-8000- 23542300x8000000000000000214370Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:12.681{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB4454126F94BD82CA981AC2C68C6E6E,SHA256=DE6B77C164337F4621D66C6B1837DD13072B5F83AC4F3FC63079390AF3054DBC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240838Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.987{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d94757|C:\Program Files\Mozilla Firefox\xul.dll+7e80d9|C:\Program Files\Mozilla Firefox\xul.dll+7dbef1|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240837Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.984{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d8f0d9|C:\Program Files\Mozilla Firefox\xul.dll+d80d70|C:\Program Files\Mozilla Firefox\xul.dll+34b618c|C:\Program Files\Mozilla Firefox\xul.dll+34b5fe1|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240836Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.984{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b618c|C:\Program Files\Mozilla Firefox\xul.dll+34b5fe1|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240835Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.984{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b618c|C:\Program Files\Mozilla Firefox\xul.dll+34b5fe1|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240834Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.984{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b618c|C:\Program Files\Mozilla Firefox\xul.dll+34b5fe1|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240833Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.984{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b618c|C:\Program Files\Mozilla Firefox\xul.dll+34b5fe1|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240832Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.984{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b618c|C:\Program Files\Mozilla Firefox\xul.dll+34b5fe1|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240831Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.984{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b618c|C:\Program Files\Mozilla Firefox\xul.dll+34b5fe1|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240830Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.984{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b618c|C:\Program Files\Mozilla Firefox\xul.dll+34b5fe1|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240829Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.984{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b618c|C:\Program Files\Mozilla Firefox\xul.dll+34b5fe1|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240828Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.981{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b618c|C:\Program Files\Mozilla Firefox\xul.dll+34b5fe1|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240827Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.981{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b618c|C:\Program Files\Mozilla Firefox\xul.dll+34b5fe1|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240826Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.981{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b618c|C:\Program Files\Mozilla Firefox\xul.dll+34b5fe1|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240825Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.981{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b618c|C:\Program Files\Mozilla Firefox\xul.dll+34b5fe1|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240824Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.981{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b618c|C:\Program Files\Mozilla Firefox\xul.dll+34b5fe1|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240823Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.981{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b618c|C:\Program Files\Mozilla Firefox\xul.dll+34b5fe1|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240822Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.981{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+979d46|C:\Program Files\Mozilla Firefox\xul.dll+d96e88|C:\Program Files\Mozilla Firefox\xul.dll+d80a1a|C:\Program Files\Mozilla Firefox\xul.dll+34b618c|C:\Program Files\Mozilla Firefox\xul.dll+34b5fe1|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000240821Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.981{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+d80991|C:\Program Files\Mozilla Firefox\xul.dll+34b618c|C:\Program Files\Mozilla Firefox\xul.dll+34b5fe1|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240820Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.981{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+bc795|C:\Program Files\Mozilla Firefox\xul.dll+d80668|C:\Program Files\Mozilla Firefox\xul.dll+34b618c|C:\Program Files\Mozilla Firefox\xul.dll+34b5fe1|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240819Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.981{6EDEAD03-E420-615E-0601-00000000FD01}60165236C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9326bf|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+15c3436|C:\Program Files\Mozilla Firefox\xul.dll+192543c|C:\Program Files\Mozilla Firefox\xul.dll+13765|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+13348|C:\Program Files\Mozilla Firefox\xul.dll+91b9c1|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240818Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.975{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240817Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.975{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240816Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.975{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240815Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.975{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240814Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.975{6EDEAD03-E40D-615E-DD00-00000000FD01}27725988C:\Windows\system32\csrss.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240813Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.975{6EDEAD03-E420-615E-0601-00000000FD01}60165412C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+2f02d|C:\Program Files\Mozilla Firefox\firefox.exe+2e235|C:\Program Files\Mozilla Firefox\xul.dll+1efde1a|C:\Program Files\Mozilla Firefox\xul.dll+92e2ba|C:\Program Files\Mozilla Firefox\xul.dll+92c4c5|C:\Program Files\Mozilla Firefox\xul.dll+93347e|C:\Program Files\Mozilla Firefox\xul.dll+7da221|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240812Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.976{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe93.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6016.23.628768207\1372230526" -childID 8 -isForBrowser -prefsHandle 4140 -prefMapHandle 8908 -prefsLen 11823 -prefMapSize 246975 -jsInit 1164 286204 -parentBuildID 20210927210923 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6016 "\\.\pipe\gecko-crash-server-pipe.6016" 8532 29068e34f38 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332LowMD5=988976B1058A1DAE198C93A5688142FD,SHA256=28BE8E0485DBA68F6A4B37F6A68D7AE542B0DA00925A69EA12A4E7AA3B477EC6,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000240811Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:31:12.967{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.23.62876820C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240810Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.961{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240809Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.855{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e03230|C:\Program Files\Mozilla Firefox\xul.dll+2e1cdda|C:\Program Files\Mozilla Firefox\xul.dll+2dfc569|C:\Program Files\Mozilla Firefox\xul.dll+2dfc285|C:\Program Files\Mozilla Firefox\xul.dll+2dfff2b|C:\Program Files\Mozilla Firefox\xul.dll+2e17fad|C:\Program Files\Mozilla Firefox\xul.dll+2e24278|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80 10341000x8000000000000000240808Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.849{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e03230|C:\Program Files\Mozilla Firefox\xul.dll+2e1cdda|C:\Program Files\Mozilla Firefox\xul.dll+2dfc569|C:\Program Files\Mozilla Firefox\xul.dll+2dfc285|C:\Program Files\Mozilla Firefox\xul.dll+2dfff2b|C:\Program Files\Mozilla Firefox\xul.dll+2e17fad|C:\Program Files\Mozilla Firefox\xul.dll+2e24278|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80 13241300x8000000000000000240807Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:12.837{6EDEAD03-E1A0-615E-1100-00000000FD01}424C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7bb77-0x36f70906) 10341000x8000000000000000240806Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.831{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d8f0d9|C:\Program Files\Mozilla Firefox\xul.dll+d8fb3f|C:\Program Files\Mozilla Firefox\xul.dll+d7e9d1|C:\Program Files\Mozilla Firefox\xul.dll+d7ff54|C:\Program Files\Mozilla Firefox\xul.dll+d824be|C:\Program Files\Mozilla Firefox\xul.dll+ba0dcc|C:\Program Files\Mozilla Firefox\xul.dll+b9dd95|C:\Program Files\Mozilla Firefox\xul.dll+28a0ac|C:\Program Files\Mozilla Firefox\xul.dll+289c41|C:\Program Files\Mozilla Firefox\xul.dll+ecc07f|C:\Program Files\Mozilla Firefox\xul.dll+16d32d2|C:\Program Files\Mozilla Firefox\xul.dll+16d1885|C:\Program Files\Mozilla Firefox\xul.dll+ba05ff|C:\Program Files\Mozilla Firefox\xul.dll+26dc71|C:\Program Files\Mozilla Firefox\xul.dll+3702be|C:\Program Files\Mozilla Firefox\xul.dll+c33b26|UNKNOWN(00000225DF0B3170) 23542300x8000000000000000240805Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.643{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B5D39D811A069FE1054DD1BB60FFABF,SHA256=D6612FB8D62243EC3264E3B97E3455EDABCB1AEF99EFA6ADA28F5C0AA063ACED,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240804Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.486{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E890-615E-B401-00000000FD01}5776C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240803Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.483{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240802Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.483{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240801Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.483{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240800Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.483{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240799Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.483{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E890-615E-B401-00000000FD01}5776C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240798Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.483{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E890-615E-B401-00000000FD01}5776C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240797Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:12.484{6EDEAD03-E890-615E-B401-00000000FD01}5776C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214372Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:13.681{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D152077C13615B810C80A214BC654618,SHA256=6D398A024BF046474A8EF788DCD574691680A6C3CF00CEC7CD72ACE7D83CFF41,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240915Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.991{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+9346c1|C:\Program Files\Mozilla Firefox\xul.dll+99921d|C:\Program Files\Mozilla Firefox\xul.dll+c9cf1|C:\Program Files\Mozilla Firefox\xul.dll+192e892|C:\Program Files\Mozilla Firefox\xul.dll+16a44c5|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d0782|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240914Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.976{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240913Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.970{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240912Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.970{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240911Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.967{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240910Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.957{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3103FD0D7D5476066EA363A2440CD94E,SHA256=B30542E63ACF955F0EF4FF0EEDC45DA8068413087D4ED14E5FCED5C1B712B165,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240909Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.954{6EDEAD03-E19E-615E-0B00-00000000FD01}636800C:\Windows\system32\lsass.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240908Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.954{6EDEAD03-E19E-615E-0B00-00000000FD01}636800C:\Windows\system32\lsass.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240907Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.939{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+978ae8|C:\Program Files\Mozilla Firefox\xul.dll+93bf17|C:\Program Files\Mozilla Firefox\xul.dll+986a39|C:\Program Files\Mozilla Firefox\xul.dll+d88048|C:\Program Files\Mozilla Firefox\xul.dll+193adae|C:\Program Files\Mozilla Firefox\xul.dll+192e892|C:\Program Files\Mozilla Firefox\xul.dll+1903b07|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000240906Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:31:13.939{6EDEAD03-E420-615E-0601-00000000FD01}6016\cubeb-pipe-6016-8C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000240905Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:31:13.939{6EDEAD03-E420-615E-0601-00000000FD01}6016\cubeb-pipe-6016-8C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240904Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.924{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240903Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.924{6EDEAD03-E1A0-615E-1600-00000000FD01}12801332C:\Windows\system32\svchost.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000240902Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:31:13.924{6EDEAD03-E423-615E-0801-00000000FD01}5392\chrome.6016.26.124617784C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240901Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.924{6EDEAD03-E420-615E-0601-00000000FD01}60165236C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+1b066c|C:\Program Files\Mozilla Firefox\xul.dll+93e6a6|C:\Program Files\Mozilla Firefox\xul.dll+9391cf|C:\Program Files\Mozilla Firefox\xul.dll+1926c83|C:\Program Files\Mozilla Firefox\xul.dll+19253b7|C:\Program Files\Mozilla Firefox\xul.dll+13765|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+13348|C:\Program Files\Mozilla Firefox\xul.dll+91b9c1|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000240900Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:31:13.924{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.26.124617784C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000240899Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:31:13.921{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.25.188900889C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240898Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.921{6EDEAD03-E420-615E-0601-00000000FD01}60165416C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+12e9cb|C:\Program Files\Mozilla Firefox\xul.dll+115df2d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000240897Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:31:13.921{6EDEAD03-E420-615E-0601-00000000FD01}6016\gecko-crash-server-pipe.6016C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000240896Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.894{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240895Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.872{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d8f0d9|C:\Program Files\Mozilla Firefox\xul.dll+d80d70|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240894Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.872{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240893Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.872{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240892Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.872{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240891Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.872{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240890Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.872{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240889Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.872{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240888Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.872{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240887Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.872{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240886Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.872{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240885Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.872{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240884Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.872{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240883Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.872{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240882Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.872{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240881Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.872{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240880Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.871{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+979d46|C:\Program Files\Mozilla Firefox\xul.dll+d96e88|C:\Program Files\Mozilla Firefox\xul.dll+d80a1a|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000240879Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.870{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+d80991|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240878Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.870{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+bc795|C:\Program Files\Mozilla Firefox\xul.dll+d80668|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240877Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.870{6EDEAD03-E420-615E-0601-00000000FD01}60165236C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9326bf|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+15c3436|C:\Program Files\Mozilla Firefox\xul.dll+192543c|C:\Program Files\Mozilla Firefox\xul.dll+13765|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+13348|C:\Program Files\Mozilla Firefox\xul.dll+91b9c1|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240876Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.857{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240875Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.857{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240874Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.854{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240873Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.854{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240872Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.854{6EDEAD03-E40D-615E-DD00-00000000FD01}27722156C:\Windows\system32\csrss.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240871Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.854{6EDEAD03-E420-615E-0601-00000000FD01}60165412C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+2f02d|C:\Program Files\Mozilla Firefox\firefox.exe+2e235|C:\Program Files\Mozilla Firefox\xul.dll+1efde1a|C:\Program Files\Mozilla Firefox\xul.dll+92e2ba|C:\Program Files\Mozilla Firefox\xul.dll+92c4c5|C:\Program Files\Mozilla Firefox\xul.dll+93347e|C:\Program Files\Mozilla Firefox\xul.dll+7da221|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240870Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.856{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe93.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6016.25.1889008894\1661443881" -childID 9 -isForBrowser -prefsHandle 9152 -prefMapHandle 4588 -prefsLen 11823 -prefMapSize 246975 -jsInit 1164 286204 -parentBuildID 20210927210923 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6016 "\\.\pipe\gecko-crash-server-pipe.6016" 8784 29068e35b38 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332LowMD5=988976B1058A1DAE198C93A5688142FD,SHA256=28BE8E0485DBA68F6A4B37F6A68D7AE542B0DA00925A69EA12A4E7AA3B477EC6,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000240869Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:31:13.848{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.25.188900889C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000240868Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.812{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\3619119340leogcaarlof.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240867Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.685{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B83C5D163EC08027E89E3D80EEE44CA,SHA256=D801A608CF2D2275E0FF86F89C92562D3E6CB89485B8CEA80B1E22675D92ED2E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240866Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:11.015{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56713-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000240865Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.536{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0CB35F75CD5F659E72C781CF40CFDAD2,SHA256=6BDF378AF999BA6C4210ED5A9B402A98EFE61059145A556F503D0201114FD8D1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240864Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.503{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240863Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.423{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240862Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.351{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240861Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.294{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240860Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.268{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E462F3355BE3B5F63E80E1A646ED8FF,SHA256=77B520A13F17D479BB8A8350E1D9063B6D9D0FA70536E81BF2174F33CCA0B31E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240859Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.244{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240858Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.244{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\cache\morgue\230\{664f2a49-d7fc-41c0-a0dc-1b28e654a9e6}.finalMD5=63DF69700A46C50148F330AA9E1D935B,SHA256=2811520FE6F486E5A3A01D0B2C12F0D97A062308A863CD77FDDAE6DEDA6A1FFE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240857Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.241{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240856Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.232{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240855Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.232{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240854Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.138{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+9346c1|C:\Program Files\Mozilla Firefox\xul.dll+99921d|C:\Program Files\Mozilla Firefox\xul.dll+c9cf1|C:\Program Files\Mozilla Firefox\xul.dll+192e892|C:\Program Files\Mozilla Firefox\xul.dll+16a44c5|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d0782|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240853Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.114{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240852Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.114{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240851Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.102{6EDEAD03-E19E-615E-0B00-00000000FD01}636800C:\Windows\system32\lsass.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240850Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.102{6EDEAD03-E19E-615E-0B00-00000000FD01}636800C:\Windows\system32\lsass.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240849Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.081{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+978ae8|C:\Program Files\Mozilla Firefox\xul.dll+93bf17|C:\Program Files\Mozilla Firefox\xul.dll+986a39|C:\Program Files\Mozilla Firefox\xul.dll+d88048|C:\Program Files\Mozilla Firefox\xul.dll+193adae|C:\Program Files\Mozilla Firefox\xul.dll+192e892|C:\Program Files\Mozilla Firefox\xul.dll+1903b07|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000240848Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:31:13.081{6EDEAD03-E420-615E-0601-00000000FD01}6016\cubeb-pipe-6016-7C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000240847Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:31:13.081{6EDEAD03-E420-615E-0601-00000000FD01}6016\cubeb-pipe-6016-7C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240846Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.066{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240845Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.064{6EDEAD03-E1A0-615E-1600-00000000FD01}12801332C:\Windows\system32\svchost.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000240844Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:31:13.064{6EDEAD03-E423-615E-0801-00000000FD01}5392\chrome.6016.24.182334179C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240843Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.064{6EDEAD03-E420-615E-0601-00000000FD01}60165236C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+1b066c|C:\Program Files\Mozilla Firefox\xul.dll+93e6a6|C:\Program Files\Mozilla Firefox\xul.dll+9391cf|C:\Program Files\Mozilla Firefox\xul.dll+1926c83|C:\Program Files\Mozilla Firefox\xul.dll+19253b7|C:\Program Files\Mozilla Firefox\xul.dll+13765|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+13348|C:\Program Files\Mozilla Firefox\xul.dll+91b9c1|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000240842Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:31:13.064{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.24.182334179C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000240841Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:31:13.062{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.23.62876820C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240840Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.061{6EDEAD03-E420-615E-0601-00000000FD01}60165416C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+12e9cb|C:\Program Files\Mozilla Firefox\xul.dll+115df2d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000240839Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:31:13.061{6EDEAD03-E420-615E-0601-00000000FD01}6016\gecko-crash-server-pipe.6016C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000214373Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:14.681{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB0E5547717258644359AA7346460006,SHA256=9D2D3FC042ECEB0E964AAFCC8246175D367EDC94BA843DC7313CDCEE5AA9CA5B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240937Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.663{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d94757|C:\Program Files\Mozilla Firefox\xul.dll+7e80d9|C:\Program Files\Mozilla Firefox\xul.dll+7dbef1|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000240936Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.047{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51030- 354300x8000000000000000240935Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.045{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53047- 10341000x8000000000000000240934Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.546{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3ed70|C:\Program Files\Mozilla Firefox\xul.dll+2655c0b|C:\Program Files\Mozilla Firefox\xul.dll+2648cf6|C:\Program Files\Mozilla Firefox\xul.dll+b382c0|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573 10341000x8000000000000000240933Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.513{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240932Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.431{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3ed70|C:\Program Files\Mozilla Firefox\xul.dll+b3e6ed|C:\Program Files\Mozilla Firefox\xul.dll+b37716|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573|C:\Program Files\Mozilla Firefox\xul.dll+b1d776 10341000x8000000000000000240931Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.431{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240930Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.428{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240929Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.369{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240928Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.343{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240927Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.343{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240926Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.249{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240925Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.249{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240924Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.249{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240923Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.246{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240922Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.246{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240921Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.186{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240920Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.166{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240919Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.057{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240918Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.054{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240917Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.027{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240916Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.024{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214374Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:15.681{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E78E671CD399CFFB2CEDCA81BB754F32,SHA256=429B88E89E7C3A892A2FF868E7DACC1AB6C5591A2F045EA47D5CC3B8845D6F4E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240959Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:15.910{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240958Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:15.907{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240957Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:15.907{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240956Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:15.755{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240955Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:15.749{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240954Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:15.749{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000240953Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.922{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56714-false152.199.21.141-443https 10341000x8000000000000000240952Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:15.518{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240951Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:15.442{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+93f6c9|C:\Program Files\Mozilla Firefox\xul.dll+93f5ea|C:\Program Files\Mozilla Firefox\xul.dll+93f1d9|C:\Program Files\Mozilla Firefox\xul.dll+93b2df|C:\Program Files\Mozilla Firefox\xul.dll+93b5ec|C:\Program Files\Mozilla Firefox\xul.dll+accd49|C:\Program Files\Mozilla Firefox\xul.dll+aea1fa|C:\Program Files\Mozilla Firefox\xul.dll+a84ae9|C:\Program Files\Mozilla Firefox\xul.dll+aceff0|C:\Program Files\Mozilla Firefox\xul.dll+19834cf|C:\Program Files\Mozilla Firefox\xul.dll+198cf35|C:\Program Files\Mozilla Firefox\xul.dll+25aebfa|C:\Program Files\Mozilla Firefox\xul.dll+25c3a74|C:\Program Files\Mozilla Firefox\xul.dll+25ae57e|C:\Program Files\Mozilla Firefox\xul.dll+188b5ca|C:\Program Files\Mozilla Firefox\xul.dll+18888fd|C:\Program Files\Mozilla Firefox\xul.dll+1884327|C:\Program Files\Mozilla Firefox\xul.dll+1a8f46e|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+f2161d 10341000x8000000000000000240950Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:15.336{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240949Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:15.336{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240948Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:15.336{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240947Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:15.333{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240946Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:15.333{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240945Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:15.318{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d0782|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240944Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:15.312{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240943Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:15.291{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240942Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:15.191{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+93f6c9|C:\Program Files\Mozilla Firefox\xul.dll+93f5ea|C:\Program Files\Mozilla Firefox\xul.dll+93f1d9|C:\Program Files\Mozilla Firefox\xul.dll+93b2df|C:\Program Files\Mozilla Firefox\xul.dll+93b5ec|C:\Program Files\Mozilla Firefox\xul.dll+a8e26a|C:\Program Files\Mozilla Firefox\xul.dll+2ced09|C:\Program Files\Mozilla Firefox\xul.dll+2cec14|C:\Program Files\Mozilla Firefox\xul.dll+2ce9fd|C:\Program Files\Mozilla Firefox\xul.dll+2ce894|C:\Program Files\Mozilla Firefox\xul.dll+ab5763|C:\Program Files\Mozilla Firefox\xul.dll+ab60f1|C:\Program Files\Mozilla Firefox\xul.dll+ab545d|C:\Program Files\Mozilla Firefox\xul.dll+ab4662|C:\Program Files\Mozilla Firefox\xul.dll+adbd21|C:\Program Files\Mozilla Firefox\xul.dll+19842fd|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4 22542200x8000000000000000240941Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.056{6EDEAD03-E420-615E-0601-00000000FD01}6016accounts.google.com0142.250.184.237;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240940Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:13.055{6EDEAD03-E420-615E-0601-00000000FD01}6016accounts.google.com0::ffff:142.250.184.237;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000240939Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.999{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5366E8D5C5DEE6A9CCDFA6EE77EF2D18,SHA256=63D8E1B6C8B85AEEEF0A5B0C0F9AEE328B6A248BD5A253C1D9E291FAF89AA55C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240938Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.999{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FABAB4C472718DD8A9AF0ABBAC5B7AD7,SHA256=93CA0C2CE91538CD703541F15EC4EF48EF3D4CEA36D3EEEEAC4C11290F15936F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214375Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:16.681{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A49B580C00031B274A90087B9B05DC3,SHA256=B9F873DEFF5B5926BE3C60FA5438F3E11813D8834A9274716A54FDA7FFFC676F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240980Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.994{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240979Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.994{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240978Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.994{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240977Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.984{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240976Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.983{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240975Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.983{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240974Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.982{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240973Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.982{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240972Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.981{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240971Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.981{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240970Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.973{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240969Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.973{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240968Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.927{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240967Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.888{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240966Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.888{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240965Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.888{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240964Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.883{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\16621MD5=5EE3EA6DD41110F9356F9F2BD9F486AC,SHA256=1D8DDC54D1FC51F634CCD8051F5C81C848EFA969F65C43740E03FDAF0312BBED,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240963Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.591{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57715- 10341000x8000000000000000240962Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.587{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240961Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.587{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240960Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.025{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D782994642709B0055EB8B0E4D568059,SHA256=242E6E467B259AE764099B0E2F9100D759EE088A24D32EC955534D0990FC0C01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214376Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:17.681{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AF3955AE416364637FF409C2A293675,SHA256=E419F36590D34E9DC9D62BC11E526E4A0F31D74505250D247AD726AC79DD4728,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241028Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.850{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\11246MD5=95221372E13B1BA8CABCC52EBF13AE4E,SHA256=1FAC036AF8CB6B3C16B4F2A95EB6D43D4C807D46B55508D6125ADE835C33D7EA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241027Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.524{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local65501-false142.250.184.237fra24s12-in-f13.1e100.net443https 23542300x8000000000000000241026Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.758{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241025Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.725{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241024Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.725{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241023Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.725{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241022Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.725{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241021Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.725{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241020Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.717{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\27237MD5=622EE192255249AA7538D9341E2F1D98,SHA256=957617A792DEEB22405044AA384E8365BBF9440EC2A471E68F060621999FF49E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241019Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.713{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241018Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.713{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241017Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.713{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\23972MD5=8A1A051C35085A7326E90E30F6C78317,SHA256=FD6D19817CFFF91EF25EBDF8742ADE136CE11C0963CD55ACD95F1A0805BA39A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241016Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.713{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\20706MD5=319D47A6BD2DACCBCD1B4C97CFF8ED6C,SHA256=C0D830870C68AEF1F4E781949143EC06D5C2071EC4AACE3E475849F9656628F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241015Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.705{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\17441MD5=89B405C3B197279D2D1007E1D8E41300,SHA256=A948C19115D1B99A2E4AC160F84F05255DA20438B4777244420832B4C5CEB2C5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241014Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.698{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241013Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.695{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241012Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.695{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241011Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.674{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000241010Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:16.082{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56715-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000241009Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.351{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\indexMD5=F483F1696CCD3264EEE3BD7485C0D665,SHA256=82E1158610045F3E35E8B9053DE918F69D8CBC922C1878DEA9F9475A98870E49,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241008Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.315{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241007Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.312{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241006Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.309{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241005Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.309{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241004Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.309{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241003Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.309{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241002Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.297{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241001Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.297{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241000Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.269{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240999Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.236{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240998Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.236{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240997Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.187{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240996Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.186{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240995Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.173{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240994Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.173{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000240993Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:14.602{6EDEAD03-E420-615E-0601-00000000FD01}6016www-google-analytics.l.google.com02a00:1450:4001:827::200e;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240992Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.121{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240991Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.118{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240990Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.118{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240989Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.109{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240988Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.051{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240987Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.051{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240986Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.051{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240985Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.048{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240984Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.048{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5208B36D7B707683C1E6CDCE1EFFC62A,SHA256=D6721ED49B449AB4381A9F1A431CB503CC0B41DBDABDCAF04425FC0281EC7BAD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240983Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.048{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240982Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.033{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240981Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.018{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214378Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:18.681{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6EDA01E953310AA0CF5633F1E159851E,SHA256=F94CEF5BC0C998D51ED85C146C41731BF3CF1F4127D4E95F7724CD4047E68DD1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214377Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:14.737{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50061-false10.0.1.12-8000- 354300x8000000000000000241035Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:17.365{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59313- 10341000x8000000000000000241034Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:18.480{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241033Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:18.479{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241032Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:18.477{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241031Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:18.477{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241030Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:18.476{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241029Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:18.099{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=767EFF581BD3DB482E2CF988CBDE0337,SHA256=C49387989C8E8865B5702D564D3F13A19002E6056638E3FCF3379148D045F9C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214379Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:19.681{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77CD0FDDC6DAD2933E2DF6A2DD982D85,SHA256=B83EAC7D44D1B070D932517D67AA75AFED6F6FDA6314CE81EB4F9955629E4975,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241037Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:19.319{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e05a2c|C:\Program Files\Mozilla Firefox\xul.dll+2e2732f|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241036Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:19.104{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56862C6F6C38DB346C5719623AC0ACA9,SHA256=28D83557F327187D7880B68FC27F9690892A1DD3ECB9BDCBEC8152352197F696,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214381Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:20.682{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0B46701979A11FAE9A1E25A70C240F1,SHA256=E2FCD62F13D9D9D8C5F198221DB0D30B7D398B91EBF1E2DFFD2FAA5C72A32F13,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241042Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:20.714{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 10341000x8000000000000000241041Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:20.158{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d94757|C:\Program Files\Mozilla Firefox\xul.dll+7e80d9|C:\Program Files\Mozilla Firefox\xul.dll+7dbef1|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241040Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:20.137{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d94899|C:\Program Files\Mozilla Firefox\xul.dll+d95d0f|C:\Program Files\Mozilla Firefox\xul.dll+10b8c26|C:\Program Files\Mozilla Firefox\xul.dll+d926fd|C:\Program Files\Mozilla Firefox\xul.dll+d77b60|C:\Program Files\Mozilla Firefox\xul.dll+1e42aa2|C:\Program Files\Mozilla Firefox\xul.dll+19569f7|C:\Program Files\Mozilla Firefox\xul.dll+1958bfd|C:\Program Files\Mozilla Firefox\xul.dll+16e6ec4|C:\Program Files\Mozilla Firefox\xul.dll+1b14ba7|C:\Program Files\Mozilla Firefox\xul.dll+16241df|C:\Program Files\Mozilla Firefox\xul.dll+1c844e7|UNKNOWN(00000225DF0B7DD4) 23542300x8000000000000000241039Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:20.128{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=8CF5B52FDF92957438BE6D00DDAA3E30,SHA256=7E588C92E0ABE8E668688F9F5E2CCCF485E29B77A138C04DBED1C4A7885B047E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241038Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:20.110{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84E46FDCF80176CE9FB5FE255C0D6513,SHA256=0623F41C22F00FCEB79B4DAB9F1CB9C6BD118D23B309C88717D30DC7D578A89A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214380Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:20.247{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211007120136-028MD5=9D4F391515175B78F973C8B5B774DE70,SHA256=E6B13D39A78F2A37A848863A5E3913D5FD4B55347F92E521523460DA93139266,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214383Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:21.696{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0E3A4BC1A2CDB947F80FC032584FC9F,SHA256=83139121C2C26675394CE4CE6174A692659B9E4E79F141A8CFAF2206467D84C1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241064Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:20.361{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56717-false140.82.121.3lb-140-82-121-3-fra.github.com443https 354300x8000000000000000241063Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:20.355{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54936- 354300x8000000000000000241062Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:20.353{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52795- 354300x8000000000000000241061Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:20.099{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56716-false104.244.42.5-443https 354300x8000000000000000241060Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:20.078{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53968- 354300x8000000000000000241059Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:20.074{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54333- 10341000x8000000000000000241058Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:21.310{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 10341000x8000000000000000241057Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:21.288{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3ed70|C:\Program Files\Mozilla Firefox\xul.dll+b3e6ed|C:\Program Files\Mozilla Firefox\xul.dll+b377b4|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573|C:\Program Files\Mozilla Firefox\xul.dll+b1d776 10341000x8000000000000000241056Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:21.237{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241055Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:21.231{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241054Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:21.143{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\21406MD5=26F8934F7B8968CBFE60EF2701856829,SHA256=E770EDFB601A56A7BBDFD2DFE8BF7E1E384D90B1B1622800CB5124FCE229AEC3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241053Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:21.125{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241052Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:21.125{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241051Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:21.125{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241050Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:21.125{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241049Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:21.122{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241048Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:21.122{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE55FEE8A355839B06AC5A23F8663A05,SHA256=EB9BB39CA8DD90CC883F41E25CA6CD46E111358ADF83EEFED398A432DA012462,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241047Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:21.122{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241046Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:21.122{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241045Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:21.122{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241044Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:21.122{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214382Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:21.262{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211007120134-029MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241043Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:21.063{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214384Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:22.699{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA1438E8DBA4263D3C6EF58CD0EF10BE,SHA256=A30B807A7B29D7D544D8DEBBA781A3C343CF7F8A872422F2629EAF4E431649E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241070Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:22.704{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=9DB6CFBBBB848FCE8FAABC0247CAF119,SHA256=FB34C5DE85EB4702EA00F3F373543A5B7480586E2924ED31FD460180054552D6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241069Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:21.227{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59070- 22542200x8000000000000000241068Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:20.099{6EDEAD03-E420-615E-0601-00000000FD01}6016t.co9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000241067Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:20.087{6EDEAD03-E420-615E-0601-00000000FD01}6016t.co0104.244.42.197;104.244.42.133;104.244.42.69;104.244.42.5;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000241066Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:20.086{6EDEAD03-E420-615E-0601-00000000FD01}6016t.co0::ffff:104.244.42.5;::ffff:104.244.42.197;::ffff:104.244.42.133;::ffff:104.244.42.69;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000241065Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:22.128{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=926BC28EFF3A73D5E79F85C3EC5B8D2E,SHA256=BD81EB31596372BE7F65366D9D7C071A93144A876B537FE70FD4C4D53E0DC145,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214386Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:20.614{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50062-false10.0.1.12-8000- 23542300x8000000000000000214385Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:23.699{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C55BF2662F405159A9648EE5B90799FF,SHA256=161DA821E7525344103C3834B7C79C56CC2F77BEDF968BF1FA1F471893256B45,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241073Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:21.966{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56718-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 22542200x8000000000000000241072Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:20.363{6EDEAD03-E420-615E-0601-00000000FD01}6016gist.github.com0type: 5 github.com;::ffff:140.82.121.3;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000241071Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:23.138{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E6DB3BF95C88BB44B3B86A6F6AA786A,SHA256=BCB6993053C0E83DAABFC5F405ABB9ED07C560F79C199135EA8AFBB9C90723FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214387Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:24.699{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8E0DFFB937A8374A0D4B99891AAF854,SHA256=4985C77AD63D778EC57A77E92892E3D441D22A0C1D8C609401927D0B1E2C0CF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241074Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:24.141{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC6F65B3658BF388C6E9E2420DD2E1E3,SHA256=3BF50F38138EBECD8371A3EB2D23FB8C0A112CC623B6E8D248F0D548122E81A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214388Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:25.699{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B172DEF2271618130166A8BA552A0048,SHA256=6BA79A80B9C5F6A8A15FA57BE25EA26730A774C7126BA0DD4FB0F0BCEECF69FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241075Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:25.143{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF2137F7B1E353FD9FAA789BA480D4DE,SHA256=BBF23A2F7E58B9B14A57D6E11D564A8222F7EA3C86CEDB1205C028F372195A54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214389Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:26.699{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F5A2CE4A662F18EC7216B23EA746412,SHA256=410B0310090D02850215252C5A8227C015C2C5BFAA2C273E6FADB3448B059DDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241083Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:26.386{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\3619119340leogcaarlof.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241082Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:26.365{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-walMD5=FBEA71C3E0E0415FDF253232F252E5EE,SHA256=1CCD9848C359EA0D4CE372A59BF5E6470991F13784F07586BBB48D1F8AB24D08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241081Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:26.362{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=39AF2369FF9839A2603C9C719AFB486D,SHA256=F434738AD71CF2420983DAAD5B511722D2233C4AEA5120C2E5925DC4F189CD82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241080Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:26.356{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++gist.github.com\ls\data.sqlite-journalMD5=1725C837544160880EDCE05CAE6A8E08,SHA256=07539B4EC432D78E3970D2E4975F5199E32D0A99A98C24CB7EF5FEC58C5FA1ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241079Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:26.338{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++gist.github.com\ls\data.sqlite-journalMD5=58C1342132DD537EFEDC0369C9E09644,SHA256=22E208787423FC5478055DCBA7445AEAEBCD3747451B7A70F6954E044B6BB761,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241078Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:26.329{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++gist.github.com\ls\data.sqlite-journalMD5=371D70DEC96D9016AFB84BAB2744C15A,SHA256=58C24EF658995A35145E42EB87FC7579CCDF0AE7040CFBB7F4837991BD070288,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241077Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:26.323{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++gist.github.com\ls\data.sqlite-journalMD5=03763BF365F000C6A6A1A935A41B89CF,SHA256=1B79C5B148BD591D3AB25B9B0C2CF29078729116F0336E1B7CA31B6E12548B1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241076Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:26.147{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=838B2E22B56289E9D5042495576AAEFC,SHA256=2D148E8A1485B97F36C87F119166356F0F094350D9906E5A556F1D667BC11AE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214390Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:27.699{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=547ADD99E3109235B1F9FEB603E2CB76,SHA256=AC6CF5FAF5FB00269C32F80AE00494863876111A6EE09E930C6CDC9C6E1F92C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241084Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:27.152{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E84C4A3DFBA0DF956BD766EA5328C3B3,SHA256=42FB17A10FE1B892FA4399C6AEB4EEB484D07C21DE69EEAF3BA1794A0B2CCDA6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214392Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:25.818{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50063-false10.0.1.12-8000- 23542300x8000000000000000214391Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:28.699{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3B114F1948E2D23A864CD7FEEE3E587E,SHA256=CCC1D77833F9CBFFBF79CDB24B8F608D3EE3E10F6911FF71AC88A971A7C0749F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241099Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:28.702{6EDEAD03-E412-615E-EE00-00000000FD01}49645072C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+55a10|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF8018E0DB8A8)|UNKNOWN(FFFFFC203A2A5B48)|UNKNOWN(FFFFFC203A2A5CC7)|UNKNOWN(FFFFFC203A2A0351)|UNKNOWN(FFFFFC203A2A1D1A)|UNKNOWN(FFFFFC203A29FFD6)|UNKNOWN(FFFFF8018DDF3103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5927b|C:\Windows\System32\SHELL32.dll+dac2a|C:\Windows\System32\SHCORE.dll+33fad 10341000x8000000000000000241098Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:28.702{6EDEAD03-E412-615E-EE00-00000000FD01}49645072C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+554f1|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF8018E0DB8A8)|UNKNOWN(FFFFFC203A2A5B48)|UNKNOWN(FFFFFC203A2A5CC7)|UNKNOWN(FFFFFC203A2A0351)|UNKNOWN(FFFFFC203A2A1D1A)|UNKNOWN(FFFFFC203A29FFD6)|UNKNOWN(FFFFF8018DDF3103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5927b|C:\Windows\System32\SHELL32.dll+dac2a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241097Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:28.702{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF1b74a0.TMPMD5=396D3F95D9DF2B9FA41FA0E75892423E,SHA256=2D2665A1412B85577D1B136C20A9EDD6121D009B9F07AE12C1AFA0F04277EA46,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241096Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:28.696{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3e7fb|C:\Program Files\Mozilla Firefox\xul.dll+b375e2|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573|C:\Program Files\Mozilla Firefox\xul.dll+b1d776|C:\Program Files\Mozilla Firefox\xul.dll+b2400b 10341000x8000000000000000241095Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:28.696{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3e7fb|C:\Program Files\Mozilla Firefox\xul.dll+b375e2|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573|C:\Program Files\Mozilla Firefox\xul.dll+b1d776|C:\Program Files\Mozilla Firefox\xul.dll+b2400b 10341000x8000000000000000241094Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:28.696{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3e7fb|C:\Program Files\Mozilla Firefox\xul.dll+b375e2|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573|C:\Program Files\Mozilla Firefox\xul.dll+b1d776|C:\Program Files\Mozilla Firefox\xul.dll+b2400b 10341000x8000000000000000241093Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:28.696{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3e7fb|C:\Program Files\Mozilla Firefox\xul.dll+b375e2|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573|C:\Program Files\Mozilla Firefox\xul.dll+b1d776|C:\Program Files\Mozilla Firefox\xul.dll+b2400b 23542300x8000000000000000241092Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:28.162{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=372E43774345B233CC79A390ADFB9812,SHA256=54216895E3F6BEB1747756A18809A9D918BE41F8488E62419B1E40D1B40008B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241091Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:28.056{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=862E9BC8FE4C82FA2C418CE915BC98AD,SHA256=D0999505F8D894D113C7A3209D394A6D6AB726839B7F06D69065223E1000C50A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241090Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:28.056{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=C3F720C1587757313B5C2A5A3FB32EC1,SHA256=818C30B51A11588768E57745220EBF5FAE59396DE862C3ED0BEE5D8AD7DB790F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241089Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:28.053{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=0E19A96D371C895A9D5B07788978B5E8,SHA256=D8B54712452FCD87CF14F7C95627ABD9060803DFAD288AAFEEB6613FAEE65FA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241088Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:28.053{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=F20F8AA184CB07F7CA842C3C6589310D,SHA256=820FFF9B14CBECEC00792278C0B367E6FDCB057B5916E874425A30E37617176A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241087Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:28.050{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=7D4FDF87D1BBF6736AB11612101F9040,SHA256=452FDAFFA967EE013061FE978583CEAE422FBCAF6A53EC6D99CFEC97E117BA13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241086Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:28.050{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=A8EAF7199EB9B273C505828E2A1586F5,SHA256=C81D7247C3166B191C469CB8AD1AFE9F713D1B124B28B4DC1107F52F588992EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241085Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:28.047{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=AE8EA203018256859A66B9F9025CBAAB,SHA256=FBF0F91EED46FFE8FB178D09A7C481F5183E99A225600AEA0AC2B8B105F3992F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214393Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:29.699{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=237C082D4CB2790332C92B4636CA8619,SHA256=7E308782444AEAE7215D1A148746EE8F73597D3BE09B212D35963262FBD8352F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241103Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:29.676{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921424C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1600-00000000FD01}1280C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241102Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:29.676{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921424C:\Windows\system32\svchost.exe{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000241101Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:27.925{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56719-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000241100Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:29.166{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9FED75CAB397BEE9FAD87EFEA98B969,SHA256=072F3020F9161F60AF6BE75EF84270614E58005CD9EE8A5A012D59EBA08C877C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214394Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:30.699{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4AC0FEB710D7EE5A73C6A1042A9CBDC1,SHA256=13C527D0E7D898F2B1834B6BE2A39A01D9B5B2F98D6622218684B2A0A79A22AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241104Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:30.172{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0313E45925E3E18301CC67F0B174B61D,SHA256=CBBECB327B2454EF6B1B61CBA768ACEC686227CD037F276BA0B4B7FDB68C2032,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214395Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:31.699{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6585A1970E1AEA73947E3875BE70725,SHA256=2DC2A264532074C7D88D6A78F1F09D82790136FEE6D1F8ACB269D77624E11C8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241105Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:31.176{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39435328CB9FAE9191277C7FF09CD503,SHA256=11236A4045A46DA33D7DB993E67C65EC5011912030285158E82BE1265AFE6968,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214396Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:32.699{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8932B5F4AA6323632B30F7C49CDEB701,SHA256=850921D4A869B870082222F4A4FD7916D4C0AD084CAD5CD5406E4D932F471E84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241107Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:32.513{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241106Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:32.229{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21A2CC25E3C705566EC069FF15E1AC1A,SHA256=B943EA80F05578887204E0B30D5B20D8DDF61BCAECF63D42E6714268D0D4D689,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214397Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:33.699{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3A00429059759E7184962DDA6BE462C,SHA256=A05F9A7D1B21D9EEA25E8ED5662C10812DC71030E5E2080CB22D46D135204F1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241108Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:33.233{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAA7CBC1690DCCE92CB8CB28FE026B17,SHA256=DF7F5BA3C760D80890983301843DA8ACDB0D02180EF7462951306657C88C542D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214398Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:34.699{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6F2795C8F58E16FF6F913E6486C2AA1,SHA256=B92888BCF93E2420F156BCA4996D17B32E74086A37ED0EE1394C3217696FEEA9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241110Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:33.030{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56720-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000241109Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:34.238{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F8E771FBBD6A50E60444341BF6A98F9,SHA256=6ADC989065FC799CF6A0437909DF8FA18702BE76711787C955591848EE9A9A48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214413Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:35.699{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A52AC2D92D10A076B077D75AF809B0D,SHA256=901001A13251F243FCF0C29417386D867089E19C8E3BCF3B713E087828F87AAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241112Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:35.245{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E2D5AC7D1F4C3FB2108484527B630B3,SHA256=A1E6FFCFAAC54F1732A2DD98A7EEEBB76AE3888DBB57FB31002B3E5E015CFFBE,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000214412Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:35.371{49C67628-E19D-615E-1500-00000000FE01}1036C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7bb77-0x44656342) 13241300x8000000000000000214411Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:35.215{49C67628-E19D-615E-1200-00000000FE01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\DhcpConnForceBroadcastFlagDWORD (0x00000000) 13241300x8000000000000000214410Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:35.215{49C67628-E19D-615E-1200-00000000FE01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\IsServerNapAwareDWORD (0x00000000) 13241300x8000000000000000214409Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:35.215{49C67628-E19D-615E-1200-00000000FE01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\AddressTypeDWORD (0x00000000) 13241300x8000000000000000214408Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:35.215{49C67628-E19D-615E-1200-00000000FE01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\LeaseTerminatesTimeDWORD (0x615ef6b7) 13241300x8000000000000000214407Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:35.215{49C67628-E19D-615E-1200-00000000FE01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\T2DWORD (0x615ef4f5) 13241300x8000000000000000214406Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:35.215{49C67628-E19D-615E-1200-00000000FE01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\T1DWORD (0x615eefaf) 13241300x8000000000000000214405Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:35.215{49C67628-E19D-615E-1200-00000000FE01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\LeaseObtainedTimeDWORD (0x615ee8a7) 13241300x8000000000000000214404Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:35.215{49C67628-E19D-615E-1200-00000000FE01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\LeaseDWORD (0x00000e10) 13241300x8000000000000000214403Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:35.215{49C67628-E19D-615E-1200-00000000FE01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\DhcpServer10.0.1.1 13241300x8000000000000000214402Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:35.215{49C67628-E19D-615E-1200-00000000FE01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\DhcpSubnetMask255.255.255.0 13241300x8000000000000000214401Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:35.215{49C67628-E19D-615E-1200-00000000FE01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\DhcpIPAddress10.0.1.15 13241300x8000000000000000214400Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:35.215{49C67628-E19D-615E-1200-00000000FE01}980C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\DhcpInterfaceOptionsBinary Data 23542300x8000000000000000214399Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:35.058{49C67628-E19D-615E-1200-00000000FE01}980NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=6F4507C3AAE5991FD84A945989762AAA,SHA256=0F8DC9601346F5BFE57406DAE8475C7756F0C874CB72297EFD4C166D07A5AC89,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241111Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:35.096{6EDEAD03-E19E-615E-0B00-00000000FD01}636676C:\Windows\system32\lsass.exe{6EDEAD03-E19B-615E-0100-00000000FD01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+2b3d4|C:\Windows\system32\lsasrv.dll+30929|C:\Windows\system32\lsasrv.dll+2e287|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+15ded|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x8000000000000000214415Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:36.699{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30495FDDA8C69250B70CCB5CAA2B43CD,SHA256=6CCC16EF6FE9F0279D2496E1396158BDB379118A9A707668D65C34909726C0C2,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000241129Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:36.884{6EDEAD03-E1A0-615E-1000-00000000FD01}372C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{12612be9-6044-47c0-97f0-8c78ab4b3889}\DhcpConnForceBroadcastFlagDWORD (0x00000000) 13241300x8000000000000000241128Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:36.884{6EDEAD03-E1A0-615E-1000-00000000FD01}372C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{12612be9-6044-47c0-97f0-8c78ab4b3889}\IsServerNapAwareDWORD (0x00000000) 13241300x8000000000000000241127Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:36.884{6EDEAD03-E1A0-615E-1000-00000000FD01}372C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{12612be9-6044-47c0-97f0-8c78ab4b3889}\AddressTypeDWORD (0x00000000) 13241300x8000000000000000241126Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:36.884{6EDEAD03-E1A0-615E-1000-00000000FD01}372C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{12612be9-6044-47c0-97f0-8c78ab4b3889}\LeaseTerminatesTimeDWORD (0x615ef6b8) 13241300x8000000000000000241125Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:36.884{6EDEAD03-E1A0-615E-1000-00000000FD01}372C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{12612be9-6044-47c0-97f0-8c78ab4b3889}\T2DWORD (0x615ef4f6) 13241300x8000000000000000241124Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:36.884{6EDEAD03-E1A0-615E-1000-00000000FD01}372C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{12612be9-6044-47c0-97f0-8c78ab4b3889}\T1DWORD (0x615eefb0) 13241300x8000000000000000241123Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:36.884{6EDEAD03-E1A0-615E-1000-00000000FD01}372C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{12612be9-6044-47c0-97f0-8c78ab4b3889}\LeaseObtainedTimeDWORD (0x615ee8a8) 13241300x8000000000000000241122Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:36.884{6EDEAD03-E1A0-615E-1000-00000000FD01}372C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{12612be9-6044-47c0-97f0-8c78ab4b3889}\LeaseDWORD (0x00000e10) 13241300x8000000000000000241121Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:36.884{6EDEAD03-E1A0-615E-1000-00000000FD01}372C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{12612be9-6044-47c0-97f0-8c78ab4b3889}\DhcpServer10.0.1.1 13241300x8000000000000000241120Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:36.884{6EDEAD03-E1A0-615E-1000-00000000FD01}372C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{12612be9-6044-47c0-97f0-8c78ab4b3889}\DhcpSubnetMask255.255.255.0 13241300x8000000000000000241119Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:36.884{6EDEAD03-E1A0-615E-1000-00000000FD01}372C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{12612be9-6044-47c0-97f0-8c78ab4b3889}\DhcpIPAddress10.0.1.14 13241300x8000000000000000241118Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:36.884{6EDEAD03-E1A0-615E-1000-00000000FD01}372C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{12612be9-6044-47c0-97f0-8c78ab4b3889}\DhcpInterfaceOptionsBinary Data 354300x8000000000000000241117Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:34.998{6EDEAD03-E19B-615E-0100-00000000FD01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local56721-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 354300x8000000000000000241116Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:34.998{6EDEAD03-E19B-615E-0100-00000000FD01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local56721-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 23542300x8000000000000000241115Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:36.250{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E55FFF43CDA0BA8EC5E4DC044A8AE5F,SHA256=B01FD7142D10D22CDF7639ACFB069AE9AC79629ACED0C460A4F206E2EE3CE638,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214414Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:31.818{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50064-false10.0.1.12-8000- 23542300x8000000000000000241114Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:36.140{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=66363B545C2F1FE2A714ED6CEBB9B0A1,SHA256=5DA3859FAA12E2B383BEB9D90FF3E09F10256C7AF34FF8906FC2A95E83CDCA35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241113Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:36.140{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=74C6EFE8EE1B7B9500EC0683055E4A84,SHA256=C4AA32BD19B53D45CEC7D709B49F2A39FB75C637FA299785362881B0FF1FFA08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214430Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:37.700{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0FF1B43CA2544A13021608C306A7B5BB,SHA256=471DC9420DFEEE6D81E6C85D1F179D28FAF93DAF2551E5674778C842C946C6DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241140Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:37.783{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=0652E49CB037B98D8CB16C6E93B61F5B,SHA256=730B82C880E40BF4D24613941382586275DDA5D1B1471F6F6B8698997D210EAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241139Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:37.783{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=4C2404CC3FBF943DBCE692337FD3ECB8,SHA256=AC7D841EF90A1F9EA5EA394D4AFD57AE325D36BD718745027C5D5471DED36109,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241138Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:37.779{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=C82A3D5511615C2A08C582D79218B259,SHA256=D21695C2CA1A4FDCC50C90847273A0AFAB189EAE0CE75D0B90F31F630407787A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241137Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:37.779{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=9FD57BB609776B05573FD104A09BB202,SHA256=5FCB6E1B48B0548250E2362648CA4B75C291438CFBCC4E40421DAFBCD5A605BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241136Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:37.777{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=66D7ED889D50637DF04EC303355E67C8,SHA256=04E6A83FB18AAE9C077C2467F17AAA8EC2382D9F2AD460E8C3175D82E547A2AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241135Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:37.774{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=31796EFB6622D5C2064E537A660B1C5A,SHA256=FAF4B151D2035BFCF12876322BB7252E0271AEF03E83C6AE54D267679C8A0483,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241134Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:37.770{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=705E4AE03D63DCD8EEE3B64803A5AA62,SHA256=D3B5721AF3CA5992BF1BAD00514CE7A8E6CEC538A95B3E4756D9E5B709BCC9F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241133Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:37.258{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BCA6D1B5EA80184188036A53BD6651FC,SHA256=4DA38ECF03D511482DE61A45E50D63B11A61C34CE552278600487D7298699400,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000214429Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:37.433{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000214428Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:37.433{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x001b9566) 13241300x8000000000000000214427Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:37.433{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7bb6e-0xe3b3b32c) 13241300x8000000000000000214426Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:37.433{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7bb77-0x45781b2c) 13241300x8000000000000000214425Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:37.433{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7bb7f-0xa73c832c) 13241300x8000000000000000214424Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:37.433{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000214423Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:37.433{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x001b9566) 13241300x8000000000000000214422Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:37.433{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7bb6e-0xe3b3b32c) 13241300x8000000000000000214421Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:37.433{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7bb77-0x45781b2c) 13241300x8000000000000000214420Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:31:37.433{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7bb7f-0xa73c832c) 354300x8000000000000000214419Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:33.926{49C67628-E19D-615E-1500-00000000FE01}1036C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal123ntpfalse169.254.169.123-123ntp 354300x8000000000000000214418Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:33.795{49C67628-E19D-615E-1600-00000000FE01}1168C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruea00:10f:c9c2:2946:9850:a5c6:8e8b:ffff-50496-truee000:fc:0:0:0:0:0:0-5355llmnr 354300x8000000000000000214417Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:33.795{49C67628-E19D-615E-1600-00000000FE01}1168C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruefe80:0:0:0:e9d9:c59a:6800:80d8win-host-340.eu-central-1.compute.internal50496-trueff02:0:0:0:0:0:1:3-5355llmnr 354300x8000000000000000214416Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:33.786{49C67628-E19D-615E-1200-00000000FE01}980C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal68bootpcfalse10.0.1.1ip-10-0-1-1.eu-central-1.compute.internal67bootps 23542300x8000000000000000241132Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:37.134{6EDEAD03-E1A0-615E-1000-00000000FD01}372NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=D60463D1C09858CC283FB2F53156DD11,SHA256=D4E55C72FCE3E1F36AD6FF8A523407CEB73A75CBA5CBE04791E8042D26DA4747,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241131Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:37.060{6EDEAD03-E1A0-615E-1600-00000000FD01}12805196C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241130Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:37.060{6EDEAD03-E1A0-615E-1600-00000000FD01}12805196C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214431Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:38.700{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77F358A7F70F1F1EF2AD899AEBB25A9E,SHA256=8B82960AB272D4CBD95074954BA38410048B5846CDFECB9FBC92E7154AD90241,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000241170Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.905{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{12612BE9-6044-47C0-97F0-8C78AB4B3889}\RegisteredSinceBootDWORD (0x00000001) 13241300x8000000000000000241169Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.905{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{12612BE9-6044-47C0-97F0-8C78AB4B3889}\StaleAdapterDWORD (0x00000000) 13241300x8000000000000000241168Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.905{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{12612BE9-6044-47C0-97F0-8C78AB4B3889}\CompartmentIdDWORD (0x00000001) 13241300x8000000000000000241167Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.905{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{12612BE9-6044-47C0-97F0-8C78AB4B3889}\FlagsDWORD (0x00000002) 13241300x8000000000000000241166Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.905{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{12612BE9-6044-47C0-97F0-8C78AB4B3889}\TtlDWORD (0x000004b0) 13241300x8000000000000000241165Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.905{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{12612BE9-6044-47C0-97F0-8C78AB4B3889}\SentPriUpdateToIpBinary Data 13241300x8000000000000000241164Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.905{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{12612BE9-6044-47C0-97F0-8C78AB4B3889}\SentUpdateToIpBinary Data 13241300x8000000000000000241163Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.905{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{12612BE9-6044-47C0-97F0-8C78AB4B3889}\DnsServersBinary Data 13241300x8000000000000000241162Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.905{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{12612BE9-6044-47C0-97F0-8C78AB4B3889}\HostAddrsBinary Data 13241300x8000000000000000241161Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.905{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{12612BE9-6044-47C0-97F0-8C78AB4B3889}\PrimaryDomainNameattackrange.local 13241300x8000000000000000241160Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.905{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{12612BE9-6044-47C0-97F0-8C78AB4B3889}\AdapterDomainName(Empty) 13241300x8000000000000000241159Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.905{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{12612BE9-6044-47C0-97F0-8C78AB4B3889}\Hostnamewin-dc-676 10341000x8000000000000000241158Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:38.896{6EDEAD03-E19E-615E-0B00-00000000FD01}636676C:\Windows\system32\lsass.exe{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+2b3d4|C:\Windows\system32\lsasrv.dll+30485|C:\Windows\system32\lsasrv.dll+2e31b|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+15ded|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 13241300x8000000000000000241157Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.890{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{12612BE9-6044-47C0-97F0-8C78AB4B3889}\RegisteredSinceBootDWORD (0x00000001) 354300x8000000000000000241156Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:37.020{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.15WIN-HOST-34063398- 354300x8000000000000000241155Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:36.793{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruea00:10e:0:0:2821:b0e:82aa:ffff-52903-truee000:fc:0:0:0:0:0:0-5355llmnr 354300x8000000000000000241154Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:36.793{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52903-trueff02:0:0:0:0:0:1:3-5355llmnr 354300x8000000000000000241153Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:36.788{6EDEAD03-E1A0-615E-1000-00000000FD01}372C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.14win-dc-676.attackrange.local68bootpcfalse10.0.1.1ip-10-0-1-1.eu-central-1.compute.internal67bootps 23542300x8000000000000000241152Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:38.529{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211007120155-028MD5=CF99E2CB113D8D2DCF43ED5FD96B633A,SHA256=1FA348E6AF774F9DE3BF8065B0725E0F0BD5741AF42D4AB3E9893B22D98D3DA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241151Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:38.265{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20079B7DB585C1BDFE913C2BFC36B3AE,SHA256=90F6583E50EB2809A1EFC869C099347350D89AAFAAF186D9F60DAFB8788EE2CB,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000241150Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.195{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000241149Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.195{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x001b99ac) 13241300x8000000000000000241148Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.195{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7bb6e-0xe424e7af) 13241300x8000000000000000241147Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.195{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7bb77-0x45e94faf) 13241300x8000000000000000241146Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.195{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7bb7f-0xa7adb7af) 13241300x8000000000000000241145Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.195{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000241144Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.195{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x001b99ac) 13241300x8000000000000000241143Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.195{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7bb6e-0xe424e7af) 13241300x8000000000000000241142Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.195{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7bb77-0x45e94faf) 13241300x8000000000000000241141Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:31:38.195{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7bb7f-0xa7adb7af) 23542300x8000000000000000214433Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:39.700{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9BBC064F282BD3F67028857C11B83C02,SHA256=436463372757CF5C1230B0C8D6746E9DBD5DFFA30341A6A7E564D92F0CB8E867,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241179Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:38.800{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-676.attackrange.local56466-false10.0.1.14win-dc-676.attackrange.local53domain 354300x8000000000000000241178Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:38.800{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruefalse10.0.1.14win-dc-676.attackrange.local56466-false10.0.1.14win-dc-676.attackrange.local53domain 354300x8000000000000000241177Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:38.798{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruefalse10.0.1.14win-dc-676.attackrange.local65496-false10.0.1.14win-dc-676.attackrange.local53domain 354300x8000000000000000241176Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:38.797{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58440- 23542300x8000000000000000241175Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:39.933{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=66363B545C2F1FE2A714ED6CEBB9B0A1,SHA256=5DA3859FAA12E2B383BEB9D90FF3E09F10256C7AF34FF8906FC2A95E83CDCA35,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241174Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:38.558{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50056- 354300x8000000000000000241173Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:38.126{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56722-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000241172Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:39.528{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211007120153-029MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241171Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:39.282{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=972349CDA46F1AD7028E8637526EAF39,SHA256=BCBE63221EF74B8BD35D9DC61015AE01EF8B9C2D7E7DCC89C1CEC445CD2690C0,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214432Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:35.708{49C67628-E19D-615E-1600-00000000FE01}1168C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruea00:10f:c9c2:2946:9850:a5c6:8e8b:ffff-63398-truea00:10e:0:0:0:0:0:0-53domain 23542300x8000000000000000214434Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:40.700{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B217D972B724B4D1E5E75DB8A1A5A07,SHA256=B84CE0751ED27BB8E51C819F884236CCF9990ACDC4424B2BFBA5D43EF26FFBDE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241188Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:38.812{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local53019- 354300x8000000000000000241187Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:38.811{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local57659- 354300x8000000000000000241186Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:38.811{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56983- 354300x8000000000000000241185Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:38.810{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56312- 354300x8000000000000000241184Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:38.810{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52304- 354300x8000000000000000241183Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:38.803{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56467-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000241182Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:38.803{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56467-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x8000000000000000241181Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:40.701{6EDEAD03-E1B0-615E-2800-00000000FD01}2904NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241180Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:40.289{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B63A828732293260903AACCCA73B687D,SHA256=C059DED6B4E2919D8A98E4A5C5903E6AE03BDD1A8E4CE064A0B247856976EE6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214436Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:41.700{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B895B94CE9E16EBD171922C98C86DEDB,SHA256=FB29B88CCAD9BFB3A45441C78E1307F571B4DF7447A33FC6825A85B4AE68014B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241189Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:41.299{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5FB59649E7A8AD54A04FFDB57EE2AFA0,SHA256=56F6776C1C985356F840C4B4ED6F572A09DBAF36607123E6B820083F1DB9BDFE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214435Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:37.647{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50065-false10.0.1.12-8000- 23542300x8000000000000000214437Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:42.731{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB336B259710A8F074645AAD116E0AB1,SHA256=770605CE9DA92A809691A6258B0A2F8D7EFE4703DA2BFA4EC118B587F6D552E4,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241191Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:40.590{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56468-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000241190Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:42.304{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=227D89AEF12C5F16B7F16698E0E105BC,SHA256=21A74412851E63E7AC3FAA98487B2B7E6F94C0A858393D9AF1FEF77DA33344B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214438Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:43.856{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A926997A760E4217DDAE4D6304FCDD5,SHA256=9695A6C69BDEA786D605CECA22A4909AEAC5C33640BE79B1531AD6B7B07124C5,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241193Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:42.419{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50646- 23542300x8000000000000000241192Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:43.310{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C87FE5CF416C92EA2B9C711AED7D2BD9,SHA256=E7D04D7785F9A762C39B8F3FA8DA6996F6BC1062AE4ED09F2F0FE467EFB0F859,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241194Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:44.314{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E05C9CAB02A2CE8055BA2EF4727ACCE8,SHA256=9FDE7D972A7C175C4C2E64E95B4AE80FF4356E4DA30454F4822613CD2503378F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241196Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:44.015{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56469-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000241195Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:45.319{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B7BB7EFD26993B7067761ACD961548F,SHA256=4C31925EE6E3017CCA93B5A0CDDE87069181F65D46FCCA8F75034C150A8BBAEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214440Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:45.934{49C67628-E19D-615E-1D00-00000000FE01}1960NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214439Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:45.075{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=713E15EB46F1E78F946506436BC1A077,SHA256=D5C61D752C3DA54F675DCE28B86A5B6E360E01A2F663A7AD7B425B14187F8AAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241199Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:46.811{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1C140F720E138AE62E3C2C71F45152D2,SHA256=6CCFA3BC7590D9B9E9330E312762227F85D39D47D1C0BA7C7BD123C6C5E970CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241198Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:46.811{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B718CBB26048C8F7421BB69536B163E5,SHA256=1767EDE7FC9AF2DCE74039180E5EE6AD627534232BC072430BE113B9B4CD2693,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241197Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:46.328{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=892BF8376493DC3368E33CF89600781E,SHA256=1DEC829AE88B434E3904B17B45AA0E9045B9579926D87B2D8077508E1B35DBCD,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214442Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:43.695{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50066-false10.0.1.12-8000- 23542300x8000000000000000214441Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:46.153{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8515AB692D9F0CFE016D9B4475302DE,SHA256=0D7527364157DC6A1F7FABF140AD4E5390BD5AC8F7C2BFEC1BB9D18841ECC4E3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214457Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:44.507{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50067-false10.0.1.12-8089- 10341000x8000000000000000214456Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:47.387{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E8B3-615E-6401-00000000FE01}3792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214455Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:47.387{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214454Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:47.387{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214453Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:47.387{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214452Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:47.387{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214451Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:47.387{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214450Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:47.387{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214449Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:47.387{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214448Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:47.387{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214447Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:47.387{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214446Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:47.387{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E8B3-615E-6401-00000000FE01}3792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214445Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:47.387{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E8B3-615E-6401-00000000FE01}3792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214444Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:47.388{49C67628-E8B3-615E-6401-00000000FE01}3792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214443Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:47.215{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85215CBB6DE9B98A6C4339E17D196868,SHA256=00043D0C49D17FDB367D77BB4D5A8BCEBD110BF24BA6066C952DBA0883CF2552,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241206Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:47.599{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241205Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:47.339{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7263D17236D837838AFC8C719E5EBC9C,SHA256=2A6899994F618F891AC9B6FD39872F852164D20FED9C443B4A4F669A8B99F5DA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241204Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:47.081{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241203Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:47.075{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241202Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:47.075{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241201Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:47.073{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241200Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:47.071{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214474Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:48.622{49C67628-E8B4-615E-6501-00000000FE01}11401316C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214473Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:48.465{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E8B4-615E-6501-00000000FE01}1140C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214472Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:48.465{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214471Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:48.465{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214470Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:48.465{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214469Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:48.465{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214468Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:48.465{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214467Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:48.465{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214466Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:48.465{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214465Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:48.465{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214464Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:48.465{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214463Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:48.465{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E8B4-615E-6501-00000000FE01}1140C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214462Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:48.465{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E8B4-615E-6501-00000000FE01}1140C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214461Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:48.466{49C67628-E8B4-615E-6501-00000000FE01}1140C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214460Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:48.387{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CFA55EE48575467CEC94F96FEA396690,SHA256=B19534506730A284E441E1262183043E751A6479B6D14DB0CB4D25B84DDBAF8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214459Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:48.387{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B640BFE328DB779C7A47C4C770C966E8,SHA256=B19E4C363F395F317CE306DC8F4132D01D1D7084D85808FCFCF97E68AA584719,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214458Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:48.247{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=034D0282DF07806CD3C813CCAF5D6FFE,SHA256=01DAFE163A842DEFB5BEB40EA6709EF4052B7F15B2599C3E95C6E8387EA24C23,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241229Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.657{6EDEAD03-E412-615E-EE00-00000000FD01}49642088C:\Windows\Explorer.EXE{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241228Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.657{6EDEAD03-E412-615E-EE00-00000000FD01}49642088C:\Windows\Explorer.EXE{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241227Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.657{6EDEAD03-E412-615E-EE00-00000000FD01}49642088C:\Windows\Explorer.EXE{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241226Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.649{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241225Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.649{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241224Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.625{6EDEAD03-E412-615E-EE00-00000000FD01}49642252C:\Windows\Explorer.EXE{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241223Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.625{6EDEAD03-E412-615E-EE00-00000000FD01}49642252C:\Windows\Explorer.EXE{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241222Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.625{6EDEAD03-E412-615E-EE00-00000000FD01}49642252C:\Windows\Explorer.EXE{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241221Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.625{6EDEAD03-E412-615E-EE00-00000000FD01}49642252C:\Windows\Explorer.EXE{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241220Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.625{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241219Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.625{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241218Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.625{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241217Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.625{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241216Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.549{6EDEAD03-E1A0-615E-1600-00000000FD01}12802176C:\Windows\system32\svchost.exe{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241215Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.549{6EDEAD03-E1A0-615E-1600-00000000FD01}12801332C:\Windows\system32\svchost.exe{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241214Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.385{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241213Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.385{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241212Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.385{6EDEAD03-E40D-615E-DD00-00000000FD01}27722156C:\Windows\system32\csrss.exe{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241211Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.385{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241210Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.385{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241209Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.385{6EDEAD03-E412-615E-EE00-00000000FD01}49641916C:\Windows\Explorer.EXE{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+a909f|C:\Windows\System32\windows.storage.dll+a8d15|C:\Windows\System32\windows.storage.dll+a8806|C:\Windows\System32\windows.storage.dll+a9c78|C:\Windows\System32\windows.storage.dll+a862e|C:\Windows\System32\windows.storage.dll+ab445|C:\Windows\System32\windows.storage.dll+ab7c4|C:\Windows\System32\windows.storage.dll+aae00|C:\Windows\System32\windows.storage.dll+ad62a|C:\Windows\System32\windows.storage.dll+ad3e2|C:\Windows\System32\SHELL32.dll+3f8bd|C:\Windows\System32\SHELL32.dll+3e456|C:\Windows\System32\SHELL32.dll+801d1|C:\Windows\System32\SHELL32.dll+6716e|C:\Windows\System32\SHELL32.dll+3d433|C:\Windows\System32\SHELL32.dll+3d2fb|C:\Windows\System32\SHELL32.dll+3cc17|C:\Windows\System32\SHELL32.dll+3c8dc|C:\Windows\System32\SHELL32.dll+e2157|C:\Windows\System32\SHELL32.dll+e20b5 154100x8000000000000000241208Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.383{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe10.0.14393.953 (rs1_release_inmarket.170303-1614)Registry EditorMicrosoft® Windows® Operating SystemMicrosoft CorporationREGEDIT.EXE"C:\Windows\regedit.exe" C:\Users\Administrator\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332HighMD5=BF5D30514FEA913E25CCC9E546257088,SHA256=254B18A8CC6589AF666EE17CE4E76C67350AECF578206CC7678745ED47A32D63,IMPHASH=E6DBB62DC548A099806914C678466448{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x8000000000000000241207Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:48.349{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54344CF3A6F4722ACC4697400163E237,SHA256=92CB67EB1FF36538034AA72FDBA466CB1C30DD94685A0A0BA8C2A5B02C7C3D89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214489Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:49.778{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CFA55EE48575467CEC94F96FEA396690,SHA256=B19534506730A284E441E1262183043E751A6479B6D14DB0CB4D25B84DDBAF8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214488Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:49.778{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F11B3D5DDCD7193FD1014CE481CF9341,SHA256=E577ECF30A5F374671F0CCD569AA5F38CD7B979309B6112974A324DBF80A2381,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241260Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.696{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241259Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.696{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241258Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.696{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241257Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.696{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241256Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.696{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241255Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.696{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241254Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241253Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241252Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241251Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241250Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241249Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241248Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241247Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241246Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241245Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241244Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241243Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241242Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241241Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241240Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241239Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241238Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241237Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241236Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241235Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241234Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241233Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E1B1-615E-2A00-00000000FD01}2956C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241232Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.688{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E1B1-615E-2A00-00000000FD01}2956C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241231Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.395{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1C140F720E138AE62E3C2C71F45152D2,SHA256=6CCFA3BC7590D9B9E9330E312762227F85D39D47D1C0BA7C7BD123C6C5E970CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241230Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.360{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11B211ABA31F75373552978933822266,SHA256=E369C5FEE753C87528C6E2D8DF18E0E479CDCF43EB75162576A9FB9F60A9947A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214487Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:49.137{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E8B5-615E-6601-00000000FE01}3732C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214486Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:49.137{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214485Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:49.137{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214484Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:49.137{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214483Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:49.137{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214482Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:49.137{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214481Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:49.137{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214480Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:49.137{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214479Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:49.137{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214478Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:49.137{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214477Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:49.137{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E8B5-615E-6601-00000000FE01}3732C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214476Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:49.137{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E8B5-615E-6601-00000000FE01}3732C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214475Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:49.138{49C67628-E8B5-615E-6601-00000000FE01}3732C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214490Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:50.887{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7DDD0D0BAC35F5DD1D97E85191485FB9,SHA256=88D8161E2A3AFEA2F39391BBAA3D8891D68D56933AFC9623EDF10D9A4FE9F10B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241261Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:50.743{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA7D739C324ACBF77C1E61D693230393,SHA256=C5543EC795EC10C41A4B338227551BF4FD7C78BFAE6B6ED386CA6098C7689B9A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214518Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.935{49C67628-E8B7-615E-6801-00000000FE01}14561240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241263Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:51.745{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1284ACDCE6ACC108609D6A3706E15EDA,SHA256=2E491F8FBC78B3350E50B3722898CC3AAF9C7FE869DA77040C01FA66740772B9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214517Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.778{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E8B7-615E-6801-00000000FE01}1456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214516Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.778{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214515Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.778{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214514Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.778{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214513Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.778{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214512Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.778{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214511Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.778{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214510Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.778{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214509Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.778{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214508Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.778{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214507Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.778{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E8B7-615E-6801-00000000FE01}1456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214506Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.778{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E8B7-615E-6801-00000000FE01}1456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214505Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.778{49C67628-E8B7-615E-6801-00000000FE01}1456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000214504Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.262{49C67628-E8B7-615E-6701-00000000FE01}26562412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214503Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.106{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E8B7-615E-6701-00000000FE01}2656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214502Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.106{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214501Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.106{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214500Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.106{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214499Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.106{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214498Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.106{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214497Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.106{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E8B7-615E-6701-00000000FE01}2656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214496Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.106{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214495Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.106{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214494Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.106{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214493Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.106{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E8B7-615E-6701-00000000FE01}2656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214492Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.106{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214491Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:51.107{49C67628-E8B7-615E-6701-00000000FE01}2656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000241262Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:49.099{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56470-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000241264Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:52.798{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B4C2C4CD054E2259C4BCB411BE8682B,SHA256=2DCCBFF3F742BE1E075EDD62EA8E64BFC797DDE124A28E8643D5B495DA15D4F5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214534Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:52.607{49C67628-E8B8-615E-6901-00000000FE01}18721876C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214533Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:52.450{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E8B8-615E-6901-00000000FE01}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214532Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:52.450{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214531Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:52.450{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214530Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:52.450{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214529Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:52.450{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214528Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:52.450{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214527Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:52.450{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214526Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:52.450{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214525Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:52.450{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214524Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:52.450{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214523Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:52.450{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E8B8-615E-6901-00000000FE01}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214522Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:52.450{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E8B8-615E-6901-00000000FE01}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214521Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:52.450{49C67628-E8B8-615E-6901-00000000FE01}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214520Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:52.121{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=91292DA6CC834B71E37F1C0403CD7041,SHA256=E97FC79B6D1B687A1AB4C31A3E6611D070576D535BC0F17EC9F6173A89C55615,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214519Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:52.059{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8484ECE324CC3986184E20488B1ADB36,SHA256=A8ABA986758C41B6F8A1FC1F3C5DD5EC1639796A35B014D4C3017E90A18B2095,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241265Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:53.803{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C69A97BD800A5506144DC2B200CD092E,SHA256=BFABC3111DAD2B7B06CB683CCB0CA4947BCF7F6B7CBE191FC8A0088BC47C88BF,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214550Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:49.663{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50068-false10.0.1.12-8000- 23542300x8000000000000000214549Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:53.481{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B18468C1EE1C31E6AFF89BFC1B4DF889,SHA256=93F3CD56062DDAEA504D18431759DD8CEEE7337A8F5A7E78E624C37DA30F16E6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214548Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:53.278{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E8B9-615E-6A01-00000000FE01}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214547Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:53.278{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214546Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:53.278{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214545Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:53.278{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214544Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:53.278{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214543Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:53.278{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214542Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:53.278{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214541Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:53.278{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214540Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:53.278{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214539Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:53.278{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214538Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:53.278{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E8B9-615E-6A01-00000000FE01}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214537Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:53.278{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E8B9-615E-6A01-00000000FE01}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214536Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:53.279{49C67628-E8B9-615E-6A01-00000000FE01}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214535Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:52.996{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=759C1A4F9C823C21D9E34D88D8C37C49,SHA256=A4AA702CC9DE17D54659ED57620C931D60CC6913DEFCCC70FD791F8061A75327,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241266Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:54.834{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD46A8391E4093ED4726374209F30B28,SHA256=933D4FE83F7DAE51FC6095B392747A4CD3D7121B82B4553F64947DD6337A8F83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214551Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:54.012{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74B4D818ADCBDD3045B12B6EA650AEDA,SHA256=1A773F0319A74D86DCC1033D360E47A7462C88A090E4EB3B304407CF3233C9CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241267Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:55.834{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B7843A9CC405BC3016DC30C86DA929BE,SHA256=F62B9483C5FFEB98948703548096ABB58048F4A2A537FF99A0D4EA07A992AED4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214552Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:55.121{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7418F5DC76D55BB1AA031C79FC62B063,SHA256=2D52C0AB774D58E6256EAEBEF7389CC75AC426F1A6CDF94CEE23A19231C5A2D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241268Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:56.864{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=282F8F2642D95F93E39D5DC15C28975C,SHA256=710BA0ADB20502C07B8F0DEE22504FDE92A41101BF6B32FD3A74107E9B41FEB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214553Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:56.246{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7FCB2AACA2AB8BD1418BBDFA285924F,SHA256=85DC61D703BDFB3D36A7F0FCE558219C900E469384AC83D5EA4C81122657AA28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241270Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:57.884{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54B0993EB9030CFFC5906D34CA7D8DC9,SHA256=735ED2E6009A3D219D769A8EB243F34F1421DC2EEFC761D730610DF4C98A867C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214554Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:57.246{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09A067931E64BA9B35F2BDE7B58DF769,SHA256=CAAB6DF5BDE9152A035AA5EB057C87221D2216B92012525440D79EC707E828CE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241269Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:55.122{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56471-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000241271Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:58.901{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88EEF95BBA70D96AAE805A9FDCCEB671,SHA256=2D8346D777D9032A8EC117AE41C6C831063AA55D39E2057EAF9B1379BC9E2625,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214555Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:58.246{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56865132BF241307D61DF5D608ADB585,SHA256=5C7ACCE00A86DFA74DBA9FAB3EE61DF0845BFC801A363E3ED4999AB2104095E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241272Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:31:59.932{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51ADEDABDB76C02CAEAB1EE7C7CECE9D,SHA256=4771D571A274AD208943C79E687E675F8E7A219464BDBCC29FF74AD23FDC7278,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214557Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:55.694{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50069-false10.0.1.12-8000- 23542300x8000000000000000214556Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:31:59.277{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=43505013D09A60BB34B9D6E7731025B0,SHA256=1E491EB6F1696EC62ED6AD2CAD7216D43B199A7D4DAE4C7424AE583D13F9F342,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241273Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:00.934{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A6231CE4F12A02026EC9FB771D13CD6,SHA256=313E8BF338CF04BEFDF45E5FECE261F08A4F14DF4681DDC746398C85CE480530,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214558Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:00.293{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60AF993826FDB7135268CFCF92A99FEB,SHA256=C519A1917A4A982331FB0B5A5707A348F956DD0BBD724D29983B5199F3412A4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241274Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:01.963{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BF72FB5D56CD4B96EC4F5D8FEFCB0AF,SHA256=6842E612B99E6F8C9C8BE9677977E0BA4938BAE785EAE6FCB391C31DC3CE37AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214559Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:01.293{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC9315FD6DE02AAAF5A08ADADEB629EA,SHA256=932813CCD1957D064246D0EAE62912CB0FF960CE715B502517A9BB98CD25284C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241275Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:02.981{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64A767A9892FB4F4D98A659F5A82278B,SHA256=2974242AA071A36EFAFDC74ABD29E3823FFE7370A7C99B713F1D64A39BA78538,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214560Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:02.324{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13A1B1E9BECA5BCD6BED9EF24A83800F,SHA256=55BF9A654AEA27BC407016808C33BEF5FA607D0F71C0AD220BF106D259B12D20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214561Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:03.355{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CFE9E01DD809ABA2B0A4D64F52B83F8,SHA256=8E22036419362A55D680955592CB63CE2BB1AC320E0DED25946AA25962B89884,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241276Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:00.966{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56472-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000214563Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:01.710{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50070-false10.0.1.12-8000- 23542300x8000000000000000214562Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:04.371{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E142EE5F3D55D5526B047F8850A94DD,SHA256=307CA091DA8CE059302D68E3F7E436FED16CCE037EAA0FACF990F92C1118FB9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241277Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:04.000{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6F1F18D29667AF64E21F1DA4F26C240,SHA256=44DF1FDED971EB59A178AD2F9ABF083EAB16B8794E6EEE524E78EEF63455AA67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214564Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:05.371{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D69466BD07A4653E7BD10DDE52ABA6C,SHA256=0357457B70D3D90A9CFBF003BDE1B005910DC1F671BD354D450EAD0BC014ADF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241278Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:05.015{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA153229F48CAE35CDBC30ADC56A9A0B,SHA256=D237CA85B4B15BFED545F70B0495B4C62879BC130922DF88CBD95765283A93D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214565Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:06.371{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80C3DD4B7210C4EA08571B44FBD70D5A,SHA256=525F2B7DE37023EF2CB5FAA46928841C4F3D0EAA43ACDBAD92403223E2DE88C7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241287Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:06.431{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E8C6-615E-B801-00000000FD01}6148C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241286Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:06.431{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241285Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:06.431{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241284Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:06.431{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241283Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:06.431{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241282Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:06.431{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E8C6-615E-B801-00000000FD01}6148C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241281Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:06.431{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E8C6-615E-B801-00000000FD01}6148C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241280Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:06.432{6EDEAD03-E8C6-615E-B801-00000000FD01}6148C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000241279Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:06.016{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AE1BCD4B6BBB385366878D796721F5B,SHA256=6EBECEAC1E4950664A6683282F4779BFFB1A800B93B7F0AF14BA85B4176B26C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214566Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:07.496{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DDF445BD150E79D75F969F8E413BBA7,SHA256=666CAF0D84BAD57E91C47BE43BD76EFCDE75A37B4A9E92B0B997507801BE4A47,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241307Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.766{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E8C7-615E-BA01-00000000FD01}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241306Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.766{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241305Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.766{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241304Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.766{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241303Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.766{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241302Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.766{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E8C7-615E-BA01-00000000FD01}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241301Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.766{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E8C7-615E-BA01-00000000FD01}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241300Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.766{6EDEAD03-E8C7-615E-BA01-00000000FD01}5924C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000241299Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.434{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3E7D27144F23D72621B10230C4B285FA,SHA256=86EFDD6177960BB966E42360F7767D14E22F5FFFC517AD0E2A827BABA97298DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241298Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.434{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EB7C02D185840A2EF9D9300101AAF8BD,SHA256=0FC6A62AC5844D634AE44219834A3FFB1063BB164903C34C328BE61D9016B235,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241297Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.350{6EDEAD03-E8C7-615E-B901-00000000FD01}6126888C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241296Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.102{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E8C7-615E-B901-00000000FD01}612C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241295Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.102{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241294Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.102{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241293Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.102{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241292Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.102{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241291Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.102{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E8C7-615E-B901-00000000FD01}612C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241290Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.102{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E8C7-615E-B901-00000000FD01}612C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241289Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.103{6EDEAD03-E8C7-615E-B901-00000000FD01}612C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000241288Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:07.032{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1A14B4037319B83DF908EEAC67A978D,SHA256=43A43AF8ECF60BDB2B0BCB9627A360A10B6218DC779920601B6F7393AC03C0D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214567Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:08.543{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD87FB5759D6F764B630C45758065A60,SHA256=FD4D0660132B593CE44CF3108EE30FF25AEEC1CE456D0EB89DD7DF9A926DF5EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241312Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:08.785{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3E7D27144F23D72621B10230C4B285FA,SHA256=86EFDD6177960BB966E42360F7767D14E22F5FFFC517AD0E2A827BABA97298DA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241311Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:06.653{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56474-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000241310Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:06.653{6EDEAD03-E1B1-615E-2B00-00000000FD01}2968C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56474-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000241309Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:06.135{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56473-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000241308Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:08.035{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D6DAFBA1F97C54CF7C9F7E1A50CA865,SHA256=10E537DDDF2CEC606DF4405FB0B91BB170A99261F287BACA0D9C88AD3927339D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214568Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:09.543{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C63FA25963E4F500CE57DDDF83471C3,SHA256=0E31BE606DBAA06399B1A0E5466F055833A6EB0E791362D8E8E5A4439F4AEA2A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241321Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:09.787{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241320Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:09.787{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241319Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:09.786{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E8C9-615E-BB01-00000000FD01}6692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241318Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:09.783{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241317Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:09.783{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241316Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:09.782{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E8C9-615E-BB01-00000000FD01}6692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241315Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:09.782{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E8C9-615E-BB01-00000000FD01}6692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241314Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:09.782{6EDEAD03-E8C9-615E-BB01-00000000FD01}6692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000241313Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:09.049{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFDD2550BA8EADB7297F2E4007383F8E,SHA256=DB0F15B6C9719FA95BFB93E25E7AC4226E7DE89306BCC68CA1170066119DD99A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214569Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:10.558{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA03EACF4030EC3529122F192E5EC06E,SHA256=8EDE5AD13F4D2B67C5434C3C48B5075E7643D6AAD414F1E227ED1C5018DBE7D9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241335Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:10.919{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E8CA-615E-BC01-00000000FD01}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241334Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:10.919{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241333Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:10.919{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241332Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:10.919{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241331Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:10.919{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241330Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:10.919{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E8CA-615E-BC01-00000000FD01}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241329Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:10.919{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E8CA-615E-BC01-00000000FD01}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241328Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:10.920{6EDEAD03-E8CA-615E-BC01-00000000FD01}6932C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000241327Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:10.803{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=14B9BC241CE399533F5497020C33F8C7,SHA256=3CCB59D95046E476FEBD8880CA888440F7F1E3769B887813EACECB26DEC6BF3A,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000241326Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:32:10.119{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\8EFF07E0-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_8EFF07E0-0000-0000-0000-100000000000.XML 13241300x8000000000000000241325Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:32:10.119{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Config SourceDWORD (0x00000001) 13241300x8000000000000000241324Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:32:10.119{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_3921F692-FD43-40E6-838A-1597F7469C61.XML 23542300x8000000000000000241323Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:10.050{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=62677F3E64D4DC8416954B568FFB9947,SHA256=A97D2B573B013DF6039D358CA155586295AE95EF872478BA04087D6BA39DF93D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241322Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:10.003{6EDEAD03-E8C9-615E-BB01-00000000FD01}66926696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214571Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:11.589{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1740F5A515EBC138C1E63E058ADA8DFA,SHA256=C01CCCD54CEB18AB42B283145553FFB62A7D6260B40E4515B1E7ADD9004DAD51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241349Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:11.935{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=375A1F5E4ADA6EED9F3FCBF1B0A18BD4,SHA256=4F3295847AE5FEAD980702686DB1F4812D5EDD92371D2864658B414AFE6DD816,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241348Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:11.819{6EDEAD03-E8CB-615E-BD01-00000000FD01}55806864C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241347Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:11.603{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E8CB-615E-BD01-00000000FD01}5580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241346Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:11.603{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241345Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:11.603{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241344Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:11.603{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241343Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:11.603{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241342Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:11.603{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E8CB-615E-BD01-00000000FD01}5580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241341Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:11.603{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E8CB-615E-BD01-00000000FD01}5580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241340Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:11.604{6EDEAD03-E8CB-615E-BD01-00000000FD01}5580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000241339Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:10.009{6EDEAD03-E1A0-615E-0D00-00000000FD01}892C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local56475-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 354300x8000000000000000241338Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:10.009{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local56475-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 10341000x8000000000000000241337Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:11.134{6EDEAD03-E8CA-615E-BC01-00000000FD01}69327040C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241336Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:11.050{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54090D403E80770A2D7E1498A20FF5E7,SHA256=320D33D35E1753E82F1A0446F9001596980C48E20EAD81EB334085F5498B27F3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214570Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:07.710{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50071-false10.0.1.12-8000- 23542300x8000000000000000214572Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:12.714{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D146A489658ECD2459D8F5B24AB68AB1,SHA256=ED79BB7ACE5EFF1492EB4A5E5BB52B3E3307F2DA80C9AD438311337FE7CF6C11,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241362Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:12.504{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E8CC-615E-BE01-00000000FD01}1552C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241361Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:12.504{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241360Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:12.504{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241359Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:12.504{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241358Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:12.504{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241357Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:12.504{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E8CC-615E-BE01-00000000FD01}1552C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241356Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:12.504{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E8CC-615E-BE01-00000000FD01}1552C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241355Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:12.505{6EDEAD03-E8CC-615E-BE01-00000000FD01}1552C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000241354Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:10.044{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local56477-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000241353Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:10.044{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local56477-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000241352Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:10.032{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local56476-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000241351Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:10.032{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local56476-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 23542300x8000000000000000241350Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:12.067{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7BA7D5A89107549255965B9650FAA152,SHA256=B497212CFD57649152447E6DC13293B076992D3E701CBBAF3F329984E9095F5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214573Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:13.714{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B88969189AE206B8E4F7E1B78B3D0D9,SHA256=5AE59EA91CD63E939A6D0C063F5A810F613230D2E572F9F3480F0FA6FDD0D203,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241369Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:13.921{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e03230|C:\Program Files\Mozilla Firefox\xul.dll+2e1cdda|C:\Program Files\Mozilla Firefox\xul.dll+2dfc569|C:\Program Files\Mozilla Firefox\xul.dll+2dfc285|C:\Program Files\Mozilla Firefox\xul.dll+2dfff2b|C:\Program Files\Mozilla Firefox\xul.dll+2e17fad|C:\Program Files\Mozilla Firefox\xul.dll+2e24278|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80 10341000x8000000000000000241368Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:13.921{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e03230|C:\Program Files\Mozilla Firefox\xul.dll+2e1cdda|C:\Program Files\Mozilla Firefox\xul.dll+2dfc569|C:\Program Files\Mozilla Firefox\xul.dll+2dfc285|C:\Program Files\Mozilla Firefox\xul.dll+2dfff2b|C:\Program Files\Mozilla Firefox\xul.dll+2e17fad|C:\Program Files\Mozilla Firefox\xul.dll+2e24278|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80 10341000x8000000000000000241367Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:13.752{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241366Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:13.752{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241365Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:13.752{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241364Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:13.506{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B034B241387832F17A5725DE0D00F103,SHA256=B1F6052DA9E5F6D7F5299E7A284200B230DA140DDD7ED90D499F06678F4702EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241363Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:13.068{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B428838304F4A827C229F0C9B20FCB4A,SHA256=26E86CCE7CA06685FE845ED796CFDFF89CEC1DA8E1635EF3301E5B6D0E6DB6D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214574Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:14.714{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=462DF613854C41786770C69792EE2D7B,SHA256=43FD3AFCAA562859D9A2BF24B3E26E77A7B6AF9529C9D7A2A42284E6503A2293,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241372Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:12.087{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56478-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000241371Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:14.090{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1017E3FC36AB02CF114DC6CF5DCC0C3,SHA256=CF0A6BD53C9AF6ED27200CA065313194F2E854F6610648C6024C1F607D39971F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241370Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:14.052{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214575Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:15.714{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=443F6EC3CC8D8DC8ACBD31C600A5DD2F,SHA256=4C6598D37D9180B2024E03357F56BB9A30F332A6FC21785AEF58E7BB2F14BFFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241373Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:15.105{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0D7E0C5C41259EFCBDAA5641551876B,SHA256=539B93D40641C527838266D31EC15A656948B4662CC7610BC0BAAD2FE5FFA3D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214577Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:16.714{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0293208F7FB869486C21D4702E761A66,SHA256=5B7690AAEC548CA90B759B5F68E45FFDCFAB6C716761F190A2DFADE98BD833D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241374Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:16.120{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D49D65B3A8A3937959D103E2C38ADA9,SHA256=F472EA4EEB41B9767E59D6E7B19FD83E8D36A43D19D28BC94B868467E45F1303,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214576Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:13.726{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50072-false10.0.1.12-8000- 23542300x8000000000000000214578Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:17.714{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=476E3917151354D63F32492FC9EED8F4,SHA256=06C37E7925B2A24464C3ACD8E39787C370740EAC4CEC206A7EE42224EB3F10DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241375Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:17.167{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=35D4EB7AFFD581EFD0A06C5C59667E97,SHA256=4446FB419AA66AE5C7B7148EDA7F8547AEF0F7FD2AA6D8EAF696859AFB201E87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214579Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:18.714{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B60B1B32D1BBD0BC38FF1D1E5D96DBA6,SHA256=6694861B8D857B7BEF5F78BF1533C2BF8D7554EEF8370C2747ED6DBE50DF8D6C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241377Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:18.266{6EDEAD03-E19E-615E-0B00-00000000FD01}636800C:\Windows\system32\lsass.exe{6EDEAD03-E19B-615E-0100-00000000FD01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+2b3d4|C:\Windows\system32\lsasrv.dll+30929|C:\Windows\system32\lsasrv.dll+2e287|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+15ded|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x8000000000000000241376Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:18.184{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63312ED7BBF799229B235C151FCD63B5,SHA256=A16944BE9CE8F604BA9ACFEA4A3969AF60B8C73AD5396FB2E07E861C301A251A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214580Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:19.730{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11AB74F8B7F479DF8F171C8709B65657,SHA256=09646BA830EAFA90F9007CF0FAF367851D465C4B256267327066918F73D01F25,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241386Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:18.057{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local56481-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000241385Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:18.057{6EDEAD03-E1A0-615E-1600-00000000FD01}1280C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local56481-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000241384Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:18.057{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local56480-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local49666- 354300x8000000000000000241383Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:18.057{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local56480-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local49666- 354300x8000000000000000241382Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:18.056{6EDEAD03-E1A0-615E-0D00-00000000FD01}892C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local56479-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 354300x8000000000000000241381Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:18.056{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local56479-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 23542300x8000000000000000241380Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:19.204{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7A83B975A4F842D3D3CC55FD14F1605,SHA256=30C3EC2944AF61E59F977BDAB502D171637FD677A06612E3E177B705C537B7B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241379Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:19.167{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=62C07E4AA1A30A2E6A0D02A3A23D49CA,SHA256=A16AF25C2D773C284938ECB941698E972D84880F24C5D20AFE54DCBA44FF0207,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241378Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:19.167{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B3059BCBEF7EEF2972D785A9C2AFF54C,SHA256=3B45E9637165B96439705ABAE71FFBA42CD438F4BD62F6E2ED616627DB189E4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214581Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:20.730{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F0811003A911E3C6B072CCCA57C244C,SHA256=1C412EC6407EF435B06DEB2EC451224FD57ABCBC609D3FDBB94F8E838056D959,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241392Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:18.175{6EDEAD03-E19B-615E-0100-00000000FD01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local56484-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 354300x8000000000000000241391Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:18.175{6EDEAD03-E19B-615E-0100-00000000FD01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local56484-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 354300x8000000000000000241390Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:18.085{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56483-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000241389Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:18.066{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-676.attackrange.local56482-false10.0.1.14win-dc-676.attackrange.local389ldap 354300x8000000000000000241388Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:18.065{6EDEAD03-E1A0-615E-1600-00000000FD01}1280C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56482-false10.0.1.14win-dc-676.attackrange.local389ldap 23542300x8000000000000000241387Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:20.220{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B180E30AA34FE4EAA53176EE00E7E50,SHA256=EF146CCE858B8A474D4962D6FEAEB383F938C6581B458645D6D89118B1A5477B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214583Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:21.781{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211007120136-029MD5=9D4F391515175B78F973C8B5B774DE70,SHA256=E6B13D39A78F2A37A848863A5E3913D5FD4B55347F92E521523460DA93139266,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214582Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:21.730{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E5723459EEB145D7A158FB32684075C,SHA256=18C994E729F207F46F4D259E504AA156EF354010029044FED56BF1E2FE9AF0EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241393Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:21.221{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D4AB63DECD5AF753E16BCE46DE66B679,SHA256=C7EA662B4A98C7380505AD2ECED0D95B2F4C95D0DA2B52B52C173825DA175ADC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214586Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:22.791{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211007120134-030MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214585Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:22.743{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=391F67E169F242E39B78F18CFB5098F9,SHA256=771F19293EC350A2C8C46FB6CB68A407228D41850F189BBEC49BAB0479937AEA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000241396Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:22.752{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\SiteSecurityServiceState.txt2021-10-06 08:48:34.156 23542300x8000000000000000241395Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:22.752{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\SiteSecurityServiceState.txtMD5=522644B3E1688F3DACE60264D76EC9E8,SHA256=F4444764945117063356916EC263A009286517962334E2C98AB74F0A8683B471,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241394Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:22.236{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F9EACE4CA716207ABF9816485B6162F,SHA256=0221D6732310EA2F4A05062A723D9A50B495743F2346DC2165549D985C1E7D6F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214584Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:19.757{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50073-false10.0.1.12-8000- 23542300x8000000000000000214587Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:23.744{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7541D2B1663F809AB9ACFD47540E4597,SHA256=E343BD385DAA280AE765330CD1599829B12FCC061283D2D0AB7DE2EDC8C95E2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241399Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:23.236{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A50BE1EF18973F57BE242DD37045CD9,SHA256=DF4483DB3A4202F4A09CD0B35397729C880C359E0C4062B39AF366E6B5EB4C1A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000241398Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:23.085{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\AlternateServices.txt2021-10-06 08:48:34.241 23542300x8000000000000000241397Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:23.084{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\AlternateServices.txtMD5=09C5862941B2F8ED322B868784EC2211,SHA256=482EE67EE0E177DBCCE4688F5BF330C8C887E11BB2DA6DA448867A6EA658D887,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214588Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:24.744{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77E89B65CB313B1487F2C29DB2B73BCC,SHA256=A27DD4F02B3C7D24CB724FA16A5A5C127A75C684A281D959E4CF796B1558F48F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241417Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.893{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241416Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.754{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241415Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.754{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241414Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.738{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241413Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.738{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241412Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.738{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\31926MD5=879E05A7B0524D8D2589CF104DF33906,SHA256=D97BAF3C4D38C55E9C3D73301B8376C7562C4ABC67B57A3E917B188442E9B442,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241411Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.723{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\31926MD5=35DB498AD4B2B3AFEFCA05859D2C7FC1,SHA256=45556BE22E4B898B4285FA4F62CD9D8EACDABF876A9560D175F12EDBAF2BB8A8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241410Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.691{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E426-615E-0E01-00000000FD01}5452C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+30046d6|C:\Program Files\Mozilla Firefox\xul.dll+9b75dc|C:\Program Files\Mozilla Firefox\xul.dll+c9cf1|C:\Program Files\Mozilla Firefox\xul.dll+192e892|C:\Program Files\Mozilla Firefox\xul.dll+16a44c5|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d0782|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241409Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.568{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241408Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.543{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241407Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.543{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241406Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.543{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241405Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.506{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241404Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.506{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241403Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.506{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241402Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.506{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d8f0d9|C:\Program Files\Mozilla Firefox\xul.dll+d8fb3f|C:\Program Files\Mozilla Firefox\xul.dll+d7e9d1|C:\Program Files\Mozilla Firefox\xul.dll+d7ff54|C:\Program Files\Mozilla Firefox\xul.dll+d824be|C:\Program Files\Mozilla Firefox\xul.dll+ba0dcc|C:\Program Files\Mozilla Firefox\xul.dll+b9dd95|C:\Program Files\Mozilla Firefox\xul.dll+28a0ac|C:\Program Files\Mozilla Firefox\xul.dll+289c41|C:\Program Files\Mozilla Firefox\xul.dll+ecc07f|C:\Program Files\Mozilla Firefox\xul.dll+16d32d2|C:\Program Files\Mozilla Firefox\xul.dll+16d1885|C:\Program Files\Mozilla Firefox\xul.dll+ba05ff|C:\Program Files\Mozilla Firefox\xul.dll+266756|C:\Program Files\Mozilla Firefox\xul.dll+234905|C:\Program Files\Mozilla Firefox\xul.dll+7c38e1|C:\Program Files\Mozilla Firefox\xul.dll+17a42a7|C:\Program Files\Mozilla Firefox\xul.dll+19b688e|C:\Program Files\Mozilla Firefox\xul.dll+165c550|C:\Program Files\Mozilla Firefox\xul.dll+162614a 10341000x8000000000000000241401Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.321{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241400Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.237{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD8CF5C04DD613D197091D92972B4925,SHA256=635CA415AD8071D0B52F14EC85D5C6247CA203F6EE0C1B51D1D05364FD88D40F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214589Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:25.744{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1160F62759204D257A68C2F0A22FA5AF,SHA256=303015D0BE717010A9FA2EAD3BDE8B3B80D264F309A00D8D90669BC95EDCA5BA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241475Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.616{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56488-false34.120.115.102102.115.120.34.bc.googleusercontent.com443https 354300x8000000000000000241474Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.615{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local65496- 354300x8000000000000000241473Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.612{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54253- 354300x8000000000000000241472Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.466{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56487-false64.190.63.136-80http 10341000x8000000000000000241471Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.681{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+9346c1|C:\Program Files\Mozilla Firefox\xul.dll+99921d|C:\Program Files\Mozilla Firefox\xul.dll+c9cf1|C:\Program Files\Mozilla Firefox\xul.dll+192e892|C:\Program Files\Mozilla Firefox\xul.dll+16a44c5|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d0782|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241470Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.660{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241469Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.660{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241468Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.644{6EDEAD03-E19E-615E-0B00-00000000FD01}636800C:\Windows\system32\lsass.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241467Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.644{6EDEAD03-E19E-615E-0B00-00000000FD01}636800C:\Windows\system32\lsass.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241466Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.632{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+978ae8|C:\Program Files\Mozilla Firefox\xul.dll+93bf17|C:\Program Files\Mozilla Firefox\xul.dll+986a39|C:\Program Files\Mozilla Firefox\xul.dll+d88048|C:\Program Files\Mozilla Firefox\xul.dll+193adae|C:\Program Files\Mozilla Firefox\xul.dll+192e892|C:\Program Files\Mozilla Firefox\xul.dll+1903b07|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000241465Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:32:25.632{6EDEAD03-E420-615E-0601-00000000FD01}6016\cubeb-pipe-6016-9C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000241464Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:32:25.632{6EDEAD03-E420-615E-0601-00000000FD01}6016\cubeb-pipe-6016-9C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000241463Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.617{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000241462Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:32:25.608{6EDEAD03-E423-615E-0801-00000000FD01}5392\chrome.6016.28.198631034C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000241461Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.608{6EDEAD03-E420-615E-0601-00000000FD01}60165236C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+1b066c|C:\Program Files\Mozilla Firefox\xul.dll+93e6a6|C:\Program Files\Mozilla Firefox\xul.dll+9391cf|C:\Program Files\Mozilla Firefox\xul.dll+1926c83|C:\Program Files\Mozilla Firefox\xul.dll+1925623|C:\Program Files\Mozilla Firefox\xul.dll+13765|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+13348|C:\Program Files\Mozilla Firefox\xul.dll+91b9c1|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241460Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.608{6EDEAD03-E1A0-615E-1600-00000000FD01}12801332C:\Windows\system32\svchost.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000241459Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:32:25.608{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.28.198631034C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000241458Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:32:25.604{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.27.100737102C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000241457Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.604{6EDEAD03-E420-615E-0601-00000000FD01}60165416C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+12e9cb|C:\Program Files\Mozilla Firefox\xul.dll+115df2d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000241456Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:32:25.604{6EDEAD03-E420-615E-0601-00000000FD01}6016\gecko-crash-server-pipe.6016C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000241455Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.582{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FAC3C4D9A60B00C445BAD507AA4350C5,SHA256=79F78841E0CC9701624E25F03A48714EF17F16DD204C9BC1404B0FBA8CE9B0D9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241454Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.548{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d8f0d9|C:\Program Files\Mozilla Firefox\xul.dll+d80d70|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241453Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.548{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000241452Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.548{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000241451Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.548{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000241450Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.548{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000241449Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.548{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000241448Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.548{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000241447Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.548{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000241446Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.548{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000241445Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.548{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000241444Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.548{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000241443Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.548{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000241442Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.548{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000241441Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.548{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000241440Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.548{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000241439Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.543{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+979d46|C:\Program Files\Mozilla Firefox\xul.dll+d96e88|C:\Program Files\Mozilla Firefox\xul.dll+d80a1a|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000241438Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.543{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+d80991|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241437Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.543{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+bc795|C:\Program Files\Mozilla Firefox\xul.dll+d80668|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241436Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.543{6EDEAD03-E420-615E-0601-00000000FD01}60165236C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9326bf|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+15c3436|C:\Program Files\Mozilla Firefox\xul.dll+192543c|C:\Program Files\Mozilla Firefox\xul.dll+13765|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+13348|C:\Program Files\Mozilla Firefox\xul.dll+91b9c1|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241435Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.535{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241434Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.535{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241433Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.531{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241432Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.531{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241431Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.531{6EDEAD03-E40D-615E-DD00-00000000FD01}27722172C:\Windows\system32\csrss.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241430Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.531{6EDEAD03-E420-615E-0601-00000000FD01}60165412C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+2f02d|C:\Program Files\Mozilla Firefox\firefox.exe+2e235|C:\Program Files\Mozilla Firefox\xul.dll+1efde1a|C:\Program Files\Mozilla Firefox\xul.dll+92e2ba|C:\Program Files\Mozilla Firefox\xul.dll+92c4c5|C:\Program Files\Mozilla Firefox\xul.dll+93347e|C:\Program Files\Mozilla Firefox\xul.dll+7da221|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241429Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.534{6EDEAD03-E8D9-615E-BF01-00000000FD01}5756C:\Program Files\Mozilla Firefox\firefox.exe93.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6016.27.1007371023\216747410" -childID 10 -isForBrowser -prefsHandle 8356 -prefMapHandle 8500 -prefsLen 11823 -prefMapSize 246975 -jsInit 1164 286204 -parentBuildID 20210927210923 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6016 "\\.\pipe\gecko-crash-server-pipe.6016" 1944 2906b23f138 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332LowMD5=988976B1058A1DAE198C93A5688142FD,SHA256=28BE8E0485DBA68F6A4B37F6A68D7AE542B0DA00925A69EA12A4E7AA3B477EC6,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000241428Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:32:25.523{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.27.100737102C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000241427Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.286{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56486-false34.117.237.239239.237.117.34.bc.googleusercontent.com443https 354300x8000000000000000241426Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.280{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60141- 354300x8000000000000000241425Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.270{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49178- 354300x8000000000000000241424Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.269{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49178-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domain 354300x8000000000000000241423Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.071{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56485-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000241422Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.471{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241421Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.471{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000241420Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.718{6EDEAD03-E420-615E-0601-00000000FD01}6016www.google.com0142.250.186.36;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000241419Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.716{6EDEAD03-E420-615E-0601-00000000FD01}6016www.google.com0::ffff:142.250.186.36;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000241418Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.257{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF9DE1A262CBE059FCAF793F4782D648,SHA256=76B6E993C582C41CE5F0DDD2683B68DA66752447900621956B17B4FC5E35886C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214590Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:26.744{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=737D8B84C81DA42B537D7BF6392DDA7C,SHA256=346A9BA03A44B7AF877F4C68D5BAEC159D4E3063FE93AAD3E9E1F07BD22975B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241489Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:26.617{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A44887A46BF80450485752CE799C7CDC,SHA256=54602F8D687F60C2AA29070A5AB6533E6C5218E232B44D3E5A287A8B66E7FC6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241488Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:26.613{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4949E041AF42EDDBB3AFC9785A2A642C,SHA256=A19F32B87B43A06AABB5C84B8BC378023DA029B0D545C3A1A587EFAADB94577B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241487Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:26.613{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=62C07E4AA1A30A2E6A0D02A3A23D49CA,SHA256=A16AF25C2D773C284938ECB941698E972D84880F24C5D20AFE54DCBA44FF0207,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241486Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.288{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56494-false142.250.185.65fra16s48-in-f1.1e100.net443https 354300x8000000000000000241485Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.265{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-676.attackrange.local61851-false10.0.0.2ip-10-0-0-2.eu-central-1.compute.internal53domain 354300x8000000000000000241484Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.261{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56493-false142.250.185.65fra16s48-in-f1.1e100.net443https 23542300x8000000000000000241483Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:26.072{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241482Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.904{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local59778-false142.250.186.36fra24s04-in-f4.1e100.net443https 354300x8000000000000000241481Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.838{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56491-false142.250.186.36fra24s04-in-f4.1e100.net443https 354300x8000000000000000241480Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.837{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56492-false205.234.175.175vip1.G-anycast1.cachefly.net80http 354300x8000000000000000241479Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.831{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56490-false142.250.186.36fra24s04-in-f4.1e100.net443https 354300x8000000000000000241478Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.710{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56489-false142.250.186.36fra24s04-in-f4.1e100.net80http 354300x8000000000000000241477Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.709{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59777- 354300x8000000000000000241476Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:24.706{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52669- 23542300x8000000000000000214591Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:27.744{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2B33D58EBE4C850934F15F5AB28ECC8,SHA256=A612D5BAC7C41218FA91AF35CAFCE14D8F23BE7834B682D9BE5CB689086B11C8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241492Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:27.989{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241491Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:27.527{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E102E5640D3CF792FAA669EE71792CE0,SHA256=AECA516C8E09B38B89A1A3BF2EDEDEE98B51FC2A0621D720DAED99F0273ADA5C,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000241490Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:25.281{6EDEAD03-E420-615E-0601-00000000FD01}6016googlehosted.l.googleusercontent.com02a00:1450:4001:812::2001;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000214593Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:25.647{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50074-false10.0.1.12-8000- 23542300x8000000000000000214592Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:28.744{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06703971C54449258211C670540ED130,SHA256=6E1EC638D0ED1DCDF6E5CE83110BB84F6CA39B993346981D49DE6C694CDBD3C5,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241505Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:26.376{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53900- 354300x8000000000000000241504Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:26.375{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51781- 354300x8000000000000000241503Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:26.375{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61343- 354300x8000000000000000241502Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:26.374{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58841- 354300x8000000000000000241501Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:26.373{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50919- 354300x8000000000000000241500Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:26.372{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57943- 22542200x8000000000000000241499Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:26.384{6EDEAD03-E420-615E-0601-00000000FD01}6016www-amazon-de.customer.fastly.net0162.219.224.163;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000241498Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:26.383{6EDEAD03-E420-615E-0601-00000000FD01}6016www.amazon.de0type: 5 tp.abe2c2f23-frontier.amazon.de;type: 5 www-amazon-de.customer.fastly.net;::ffff:162.219.224.163;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000241497Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:26.383{6EDEAD03-E420-615E-0601-00000000FD01}6016github.com0140.82.121.4;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000241496Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:26.382{6EDEAD03-E420-615E-0601-00000000FD01}6016github.com0::ffff:140.82.121.4;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000241495Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:28.532{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8695008934D8538FBDFE1E9CC22FDD0,SHA256=B12218CB5E368E7FC9DCB6F915533F535FD623F5B930E177FFC506BA65660986,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241494Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:28.045{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E426-615E-0E01-00000000FD01}5452C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+30046d6|C:\Program Files\Mozilla Firefox\xul.dll+9b75dc|C:\Program Files\Mozilla Firefox\xul.dll+c9cf1|C:\Program Files\Mozilla Firefox\xul.dll+192e892|C:\Program Files\Mozilla Firefox\xul.dll+16a44c5|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d0782|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241493Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:28.031{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214594Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:29.744{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2763B8F9327395BB672294D4D484454C,SHA256=AFD731755273C3447819B61B719CB38EDA2A4343C11E016B31D9275FACE0A0B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241509Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:29.995{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A44887A46BF80450485752CE799C7CDC,SHA256=54602F8D687F60C2AA29070A5AB6533E6C5218E232B44D3E5A287A8B66E7FC6F,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000241508Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:26.386{6EDEAD03-E420-615E-0601-00000000FD01}6016www-amazon-de.customer.fastly.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000241507Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:29.537{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A395F315252CA336C5BE0A195F991C91,SHA256=1B805E6C5A8EA00006C3EA3EB9A530EC0460DDE6BF4228EA9509F376CE3E64A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241506Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:29.417{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\26854MD5=7CD67AF07B315C0FE44A6BF2CC5AC9F2,SHA256=343FEC6913C61C8E5D26F49AD0813FD57EEA5709718FC16D6B6A95436C9E08B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214595Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:30.760{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0442B4A4FEAA9F492BE9CC4586C83367,SHA256=F280FC913E9EB6E71F699954457F21FD3B7778B190A03704F609398EA967B7E6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241520Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:30.615{6EDEAD03-E1A0-615E-1600-00000000FD01}12802176C:\Windows\system32\svchost.exe{6EDEAD03-E8DE-615E-C001-00000000FD01}6464C:\Windows\System32\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241519Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:30.615{6EDEAD03-E1A0-615E-1600-00000000FD01}12801332C:\Windows\system32\svchost.exe{6EDEAD03-E8DE-615E-C001-00000000FD01}6464C:\Windows\System32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241518Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:30.575{6EDEAD03-E40D-615E-DD00-00000000FD01}27722172C:\Windows\system32\csrss.exe{6EDEAD03-E8DE-615E-C001-00000000FD01}6464C:\Windows\System32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241517Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:30.571{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241516Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:30.571{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241515Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:30.571{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241514Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:30.571{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241513Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:30.571{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E8DE-615E-C001-00000000FD01}6464C:\Windows\System32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241512Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:30.571{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E8DE-615E-C001-00000000FD01}6464C:\Windows\System32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+37172|c:\windows\system32\rpcss.dll+3df8d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241511Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:30.570{6EDEAD03-E8DE-615E-C001-00000000FD01}6464C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{6EDEAD03-E1A0-615E-0C00-00000000FD01}836C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 23542300x8000000000000000241510Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:30.543{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=447C7EAA8EE8E257F8B5CDA8DD9DB311,SHA256=2BED1110B783BE699EA15FC05D7193BE7ACD9F19B30BDA70991A9D7733C262EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214596Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:31.760{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47D4074A6C95FC50D966F99B2FC9378E,SHA256=59BF4257194A64A2FAB9DEE367DCAE84D895A63BA566A1057B04C7BDCD6E09B2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241523Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:29.957{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56495-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000241522Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:31.573{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D6A5EB519310A0AEE2AD39F9861C4428,SHA256=F41E080E9B1969363973A5C71DF9DA62AE5CAB8AED452103EB22E98AE60128BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241521Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:31.557{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA4BA70B55CD3E0DA4AA9E04CC2E2D47,SHA256=5718210D8C87FAA04C56B371EA0B14FBD5A0B016EFC40F41C602EFCB3BA31A10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214597Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:32.760{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C159416328832FF565DFFA83E0A26A1,SHA256=D61F8931B27662B2BD3CFA109F0F6EEC35C9BA943091E03B63DB93F8637E9C1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241527Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:32.696{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\cache\caches.sqlite-walMD5=6AF4AC6DCE9D6E04FB10845F257D02FE,SHA256=83ED74E49F2FC11B47951D743EB833B6005C141285D07FBCFCBB2C0ACF2AECC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241526Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:32.679{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\cache\caches.sqlite-shmMD5=EEF1DA68A66BE9D43505021BAB232C34,SHA256=6BF74C1B8A33B7A9F59EC0F6E68D8CFA33799F9062D2EEBF4A17315750F3D9B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241525Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:32.647{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\29059MD5=A9523B7A36569594743FD191295361BE,SHA256=54337E13D50F77CA191FBE2EFAA99F47E6A3408F50781168708CFB403AC7AB0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241524Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:32.571{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0138A888D5B535CA9FD7ADEAB12FE2B,SHA256=FAA71B7D40E2D0C39DD5237E42BF1D3983723257BA388D8686F480AF2FAA7F22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214598Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:33.884{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=776780BB4796C6293C673547D1C0507C,SHA256=293C910A664667AAF5DCDF12D600E57927DA46D434937FF592CA2DD69FA1353F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241528Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:33.576{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37CEA8A15EECBBE17F466478476261A3,SHA256=81EA657A67B8021FA7505EABBA557CC767AF45E5C1BB901F213EBFA602610A07,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214600Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:31.694{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50075-false10.0.1.12-8000- 23542300x8000000000000000214599Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:34.884{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BF2169A850FDA2772E095D44088BB14,SHA256=6C1F84A74AD04965CED43416F5CB19E30EF44674CFEF0F8E3B8DB4E401A316D7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241539Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:34.806{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241538Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:34.790{6EDEAD03-E1A0-615E-1600-00000000FD01}12802176C:\Windows\system32\svchost.exe{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241537Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:34.790{6EDEAD03-E1A0-615E-1600-00000000FD01}12801332C:\Windows\system32\svchost.exe{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241536Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:34.610{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91662E08A2D1624EFC96F12FE6CEF840,SHA256=224D746DC61E44804997B527E30A335E1FE0283124A3F78D986DD730F6C89583,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241535Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:34.526{6EDEAD03-E40D-615E-DD00-00000000FD01}27725988C:\Windows\system32\csrss.exe{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241534Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:34.526{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241533Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:34.526{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241532Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:34.526{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241531Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:34.526{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241530Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:34.522{6EDEAD03-E412-615E-EE00-00000000FD01}49646624C:\Windows\Explorer.EXE{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Notepad++\NppShell_06.dll+4449|C:\Program Files\Notepad++\NppShell_06.dll+46a6|C:\Windows\System32\SHELL32.dll+80257|C:\Windows\System32\SHELL32.dll+6716e|C:\Windows\System32\SHELL32.dll+17c27c|C:\Windows\System32\SHELL32.dll+19ea38|C:\Windows\System32\SHELL32.dll+284683|C:\Windows\system32\explorerframe.dll+13cf7b|C:\Windows\system32\explorerframe.dll+139d07|C:\Windows\System32\SHELL32.dll+17c520|C:\Windows\System32\SHELL32.dll+17999e|C:\Windows\System32\SHELL32.dll+736c1|C:\Windows\System32\SHELL32.dll+765a6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\System32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53 154100x8000000000000000241529Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:34.441{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe8.15Notepad++ : a free (GPL) source code editorNotepad++Don HO don.h@free.frnotepad++.exe"C:\Program Files\Notepad++\notepad++.exe" "C:\Program Files\ansible\AttackRangeSysmon.xml"C:\Windows\system32\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332HighMD5=FFA5A4D514D5C6C8941F27AE70F5153F,SHA256=D8796686D89D91895EB4D9DA7B7927CCB6EEA60563E7CA1B5BE752938BDC56C8,IMPHASH=4E6B94197F3543B5F40334E36F4E7385{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x8000000000000000214602Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:35.963{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0B78F6E2CEB32314CCFC8541B0DF289,SHA256=16323B1099EA02EE61EC8E329A7B74EC4E76E17F10A4E38B437295A6CAECAC67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241554Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:35.629{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86BD83CA9C1D834D896B8586384C1C56,SHA256=771AEA533CDB23060B03442B8DD3EEF169B13DCDCB10E0648E1172D873062D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214601Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:35.056{49C67628-E19D-615E-1200-00000000FE01}980NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=AF70A8B5364301E1AD24E58FC6103A82,SHA256=3F81C19DA414C6A0F33013E4F7A0C9895BD05348A97BCEE685D34E75A1AB18C3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241553Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:35.471{6EDEAD03-E412-615E-EE00-00000000FD01}49643204C:\Windows\Explorer.EXE{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241552Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:35.471{6EDEAD03-E412-615E-EE00-00000000FD01}49643204C:\Windows\Explorer.EXE{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241551Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:35.471{6EDEAD03-E412-615E-EE00-00000000FD01}49643204C:\Windows\Explorer.EXE{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241550Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:35.471{6EDEAD03-E412-615E-EE00-00000000FD01}49645004C:\Windows\Explorer.EXE{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241549Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:35.467{6EDEAD03-E412-615E-EE00-00000000FD01}49645004C:\Windows\Explorer.EXE{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241548Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:35.467{6EDEAD03-E412-615E-EE00-00000000FD01}49645004C:\Windows\Explorer.EXE{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241547Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:35.467{6EDEAD03-E412-615E-EE00-00000000FD01}49645004C:\Windows\Explorer.EXE{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241546Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:35.443{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=456C17E3F6E5F98F1F2EFDB707D96F99,SHA256=08181E0E7B2268CE60060050207917CA3B6EB0702D2EC0C9088CE09ED61D91D5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241545Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:35.049{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241544Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:35.045{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241543Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:35.029{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241542Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:35.025{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241541Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:35.025{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241540Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:35.025{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000241558Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:35.146{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56496-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000241557Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:36.671{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9121BC944DF17D0866ACB5E5299F4833,SHA256=C351F14D938B4FFAEDFF672CC854DCAC4E492D5AB80168335CEBC2FC5A558FB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241556Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:36.635{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241555Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:36.635{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=64E8031E4125A980FBD44F014C7C0EF4,SHA256=AD0ABBCF358CBFA439321A61BE0E3EA953F9B9FD755C0AFC3821367E5ACE1634,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241560Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:37.684{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21FF47154E1A96037267C41D9D83D168,SHA256=AE196B8C4D84DC75867EFA548EF5B892C72370073D05644F3336F628A13845B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214603Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:37.119{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EDAF62E5E67503A8D3CF486EA7692068,SHA256=DD73F69FF331B058806917716591EF97B92B4B618CA06B366FC9D6B4F64DE0EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241559Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:37.136{6EDEAD03-E1A0-615E-1000-00000000FD01}372NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=E9A14ECA2C336AA8CDC0FC67A66BE513,SHA256=2F7F1F9F0D2101B379D2ADF0A356E37EC2283CDD528C8B5BB441CBBC994B7AC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241561Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:38.686{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C0AEB8306EF8388E61955442AA0BC0D,SHA256=FEBC03F035A3CBCEA11CBA415585CCEAC7DD491E943ACF4329B001567A2A3968,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214604Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:38.244{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A47E083C402170324192B50D5D72A73,SHA256=9E4C2074C32BBB8B3BD061A3189EE56093EC1C6EA6259268B8AD8F950E0C45CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241562Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:39.696{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFC99072B3D60FDC36D5EF70D4DD73B9,SHA256=D6B009135C4F2D3ED37FE647FBC382F8A83ADA0262387E0A475F77765112BC43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214605Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:39.259{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD82939612182F89F4F683E116A3AE45,SHA256=30EB25ABAC1BC6CF62F717E9002F56C119813062934EA874ABAB0F043F07EC67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241566Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:40.715{6EDEAD03-E1B0-615E-2800-00000000FD01}2904NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241565Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:40.701{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C3ED7E34E8CCE2F56E3AB0CA21B3BAD,SHA256=638F8A96D047DF7E37D3DF02EDB79AE0AB47A73EEC1F739972CFE08FA375CE17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214606Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:40.291{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCC5CD77097817B2C043B6D6513FDC1C,SHA256=C531DEC4768F5567DE548767770736C1D8B48326413EB0EEBBEADA2BE40D8677,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241564Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:40.043{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmMD5=C41B218D5A0B19166509156261E355FB,SHA256=55A2E12F901CE4D7C0094ADD41CA38B52EA6EC5775806EE8A18547FC480E334A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241563Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:40.041{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211007120155-029MD5=CF99E2CB113D8D2DCF43ED5FD96B633A,SHA256=1FA348E6AF774F9DE3BF8065B0725E0F0BD5741AF42D4AB3E9893B22D98D3DA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241568Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:41.702{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0BEC09E6F6C4B1B4BAEAAC1477BD1A02,SHA256=50FF3A6D6A50B134587C43B3415B56757AE9A75B95B26E0E7FBCED8BA95AC629,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214608Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:37.678{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50076-false10.0.1.12-8000- 23542300x8000000000000000214607Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:41.291{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4583A4E0EB9A525DCA6D76A74C6A1B4,SHA256=375FE538444DBEDEBD37F2DCD24DB7FFC226E43699E5216724BF271C689ECD98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241567Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:41.039{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211007120153-030MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241572Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:40.925{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56498-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000241571Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:40.610{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56497-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000241570Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:42.703{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64C6C0D437E411D917E3B779B940A7BA,SHA256=C9CFBBC7ACB87F969C9920C15ABCFFF5AFBCD95213B9C589C1CC48F2DE568EB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214609Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:42.291{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE723CF076988D184DB6D9D1324810C1,SHA256=629C2A12DF2A9BC95B975F50B4729E8888464F4BE9500D4CDDF9733C130608FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241569Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:42.595{6EDEAD03-E8E2-615E-C101-00000000FD01}4684ATTACKRANGE\AdministratorC:\Program Files\Notepad++\notepad++.exeC:\Users\Administrator\AppData\Roaming\Notepad++\session.xmlMD5=35017B7C548E780F95DD3B75B54D82CE,SHA256=46B8802F95DB42E73D7543A6799357869312B6FA83681F370E831AF5E3867673,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241573Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:43.722{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82C42F46FC44EF82D780E46836FE923A,SHA256=966DBF0725A02F8A60F1BFB6670D926D3DF395086DBCCB3408DBA285ED38E491,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214610Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:43.494{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2028E913404409707E0F667ADD1FD0B5,SHA256=1DB4A91C5EEB66AC094F870AA80736DA2763ECFEF1ABD22CA8ABE1B7EC0AB7F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241574Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:44.726{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C1DBD67E226684DBA0020B44F3C4F7C,SHA256=0FB3E08F9760F8938C8B398636D40573AC13C65595F87BD16B51CB97C876ECBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214611Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:44.587{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD9654B51888208B5C08160941193219,SHA256=EA7F329F2013C21617512BC66195F31E72C031EE991E6EEABB72DEC99809D22F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241575Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:45.734{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5B6A3745101423DE3F6B1B8A1D4FC23,SHA256=798124CD8A4387E621B53C714C29041A63BF472A8CDFAA1EA1CD0639B811B76C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214614Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:45.947{49C67628-E19D-615E-1D00-00000000FE01}1960NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214613Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:42.772{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50077-false10.0.1.12-8000- 23542300x8000000000000000214612Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:45.619{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A8C900A39C85B2838ADC8BB5C793F77,SHA256=5B30B509B625DB88B30987DB06842C7AAAC1C854072A45181C65ADE86651DCBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241576Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:46.739{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ABBB0001C531BECB07145DC26E9C330B,SHA256=D5AB8C6D31D5B3B2842799E8F74036FF20788279C424DAB8504ACABA7E93DD01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214615Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:46.790{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7890EB7769A5A313A1AE7D5AE54BCC11,SHA256=8C1763CB542B950FDCE36D164DEFCFC82B33F5896E3FB6367214D86CD1BDF99B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241578Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:46.131{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56499-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000241577Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:47.744{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=905498B1846C2E43C963A66A471E906F,SHA256=8B45B2255DB61CAA47E7562F174953BF39C8DF5D2C080F8C60CB6C10C56ED43A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214629Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:47.790{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4EC596F76AAA2B03ABB1BD95835BF04,SHA256=49F0B2BC359E8FDD39DDC6B7CDB49B6A12B05BD6139991B824098DE9C507A4BE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214628Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:47.384{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E8EF-615E-6B01-00000000FE01}3744C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214627Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:47.384{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214626Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:47.384{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214625Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:47.384{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214624Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:47.384{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214623Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:47.384{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214622Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:47.384{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214621Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:47.384{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214620Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:47.384{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214619Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:47.384{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214618Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:47.384{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E8EF-615E-6B01-00000000FE01}3744C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214617Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:47.384{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E8EF-615E-6B01-00000000FE01}3744C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214616Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:47.385{49C67628-E8EF-615E-6B01-00000000FE01}3744C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000241579Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:48.751{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63CB73F0D9146C30E19F789E28AA1599,SHA256=D97C707C0EC114EA457870E6F86D1A10BCF6CF650208D96A2A58150D0D704B69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214647Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:48.790{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=364A1EB9FD2574B62FE6636EA9F61AB4,SHA256=15B3E699B9A272498210B457B0467D2B3D704A2F44243ED4816BA1AC474A6960,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214646Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:44.507{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50078-false10.0.1.12-8089- 10341000x8000000000000000214645Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:48.634{49C67628-E8F0-615E-6C01-00000000FE01}40523948C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214644Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:48.478{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=992C5BE79A285CB38952389365C663AE,SHA256=7764B07BB82C3B733BBF543D287A0C29226EF77190191DC04671E030A4759FA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214643Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:48.478{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=54D2034DD9B4D9BA506D73643AB6EC68,SHA256=DB7C3B34CA22B62A77557E73E8C8DAE4032E29A63186EAF7F399A319DC4C3C21,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214642Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:48.478{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E8F0-615E-6C01-00000000FE01}4052C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214641Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:48.478{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214640Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:48.478{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214639Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:48.478{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214638Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:48.478{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214637Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:48.478{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214636Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:48.478{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214635Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:48.478{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214634Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:48.478{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214633Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:48.478{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214632Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:48.478{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E8F0-615E-6C01-00000000FE01}4052C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214631Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:48.478{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E8F0-615E-6C01-00000000FE01}4052C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214630Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:48.479{49C67628-E8F0-615E-6C01-00000000FE01}4052C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000241581Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:49.764{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6EAD8C28E4E3827232890F0DB38E234,SHA256=5489B54A73FD4F3CE220DDD31908F29DF4884F2D8D6C7D420C92445A5944D403,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214662Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:49.790{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6FAF71A5C90F3ECC1C1E62FA428D5CD,SHA256=223F386911AAD57B1A50C159432675C8EEB8F4FA9EDA4D68A9002F021FEF517E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241580Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:49.591{6EDEAD03-E8E2-615E-C101-00000000FD01}4684ATTACKRANGE\AdministratorC:\Program Files\Notepad++\notepad++.exeC:\Users\Administrator\AppData\Roaming\Notepad++\backup\AttackRangeSysmon.xml@2021-10-07_123242MD5=5949A09ABC35FBFF4C394F5191FB4261,SHA256=8C9A073345FFA4C084A5731899795AD5CF18F940649D91EA63B9CBBF0378174B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214661Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:49.493{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=992C5BE79A285CB38952389365C663AE,SHA256=7764B07BB82C3B733BBF543D287A0C29226EF77190191DC04671E030A4759FA9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214660Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:49.150{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E8F1-615E-6D01-00000000FE01}2556C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214659Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:49.150{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214658Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:49.150{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214657Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:49.150{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214656Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:49.150{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214655Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:49.150{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214654Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:49.150{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214653Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:49.150{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214652Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:49.150{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214651Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:49.150{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214650Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:49.150{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E8F1-615E-6D01-00000000FE01}2556C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214649Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:49.150{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E8F1-615E-6D01-00000000FE01}2556C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214648Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:49.150{49C67628-E8F1-615E-6D01-00000000FE01}2556C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214663Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:50.790{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3571FB1D69801C3AC0D4CC5567365D9,SHA256=0160B2A6F900976245E51CDA59281481956CBD916C757F32272F73997319A299,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241582Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:50.777{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A0A728FB5BC93610F9A549AC4B1371F,SHA256=8F5EA64C6362A639000B8A4D984C600E4362013B6B5665C1D88924C5BE9DC23E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214693Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.947{49C67628-E8F3-615E-6F01-00000000FE01}29882400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214692Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.790{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDBDDDB9788E77DDC7E3BCA86C492D5A,SHA256=D63E55AA912423CFDFCFBDD8B97F235B3D5FFD3E782516EBFBFF96B5F7BDC224,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214691Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.790{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E8F3-615E-6F01-00000000FE01}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214690Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.790{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214689Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.790{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214688Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.790{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214687Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.790{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214686Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.790{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214685Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.790{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214684Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.790{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214683Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.790{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214682Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.790{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214681Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.790{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E8F3-615E-6F01-00000000FE01}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214680Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.790{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E8F3-615E-6F01-00000000FE01}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214679Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.791{49C67628-E8F3-615E-6F01-00000000FE01}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000241583Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:51.779{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9FD5A4A618136A58C66B7979174888F,SHA256=254CBE8B2C9CE557306B3F2163284D110F8A35B39A0F587B164AA0CDF01E1F13,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214678Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:48.788{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50079-false10.0.1.12-8000- 10341000x8000000000000000214677Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.415{49C67628-E8F3-615E-6E01-00000000FE01}6881252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214676Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.118{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E8F3-615E-6E01-00000000FE01}688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214675Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.118{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214674Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.118{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214673Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.118{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214672Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.118{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214671Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.118{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214670Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.118{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214669Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.118{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214668Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.118{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214667Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.118{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214666Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.118{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E8F3-615E-6E01-00000000FE01}688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214665Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.118{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E8F3-615E-6E01-00000000FE01}688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214664Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:51.119{49C67628-E8F3-615E-6E01-00000000FE01}688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000241585Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:51.143{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56500-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000241584Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:52.785{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CBA9DED616C6E6B3FD687590A731060,SHA256=674E835036F2D9E43FC24A0E4E9439B701276A875BEDBAFD044854DC002B0A11,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214708Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:52.556{49C67628-E8F4-615E-7001-00000000FE01}34882804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214707Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:52.400{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E8F4-615E-7001-00000000FE01}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214706Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:52.400{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214705Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:52.400{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214704Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:52.400{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214703Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:52.400{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214702Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:52.400{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214701Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:52.400{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214700Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:52.400{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214699Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:52.400{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214698Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:52.400{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214697Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:52.400{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E8F4-615E-7001-00000000FE01}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214696Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:52.400{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E8F4-615E-7001-00000000FE01}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214695Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:52.401{49C67628-E8F4-615E-7001-00000000FE01}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214694Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:52.353{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2DC52D4A87C6D714DF0FF72891027784,SHA256=354E9B7BBC724F8DD47AB6E7DBDB49B0194AFB3F01814E5D7F2AA98E86708F65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241586Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:53.791{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F01DB74BF287E5D58C3942FB38534DEC,SHA256=4617327A417E0C2F8A0EFAAB25BAA974B96C04C452D58968D8A762FE9F5396D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214723Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:53.603{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F9B1386950D8C9D49F6F29CB44C35BCE,SHA256=7D0CDB02BD52367A85F2028544DBCF46D7C68A08EBBAFE1F1AA730546D03A969,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214722Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:53.275{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E8F5-615E-7101-00000000FE01}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214721Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:53.275{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214720Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:53.275{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214719Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:53.275{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214718Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:53.275{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214717Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:53.275{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214716Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:53.275{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214715Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:53.275{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214714Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:53.275{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214713Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:53.275{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214712Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:53.275{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E8F5-615E-7101-00000000FE01}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214711Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:53.275{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E8F5-615E-7101-00000000FE01}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214710Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:53.275{49C67628-E8F5-615E-7101-00000000FE01}3968C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214709Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:53.025{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13506760FAD0C4AA128C295AA27E642A,SHA256=1F3DD4ADBDF428728B547E52778DA210032CC9407803C8D9E2C75EA69BBC2A35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241587Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:54.796{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED44E7AF258BCAA75771BB2A2E405C46,SHA256=98294985E5142AD9B7680C4314F73DD10B501183AB0AD73B19AC7FB94153B4DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214724Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:54.134{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2E917E7971D8A872D509CE277C7BBE9,SHA256=6719165DBCEA0694C9956EA04D5ED8C8D26C6AF6D2FC128FD12AF96D9DEAECD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241632Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.935{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA0C8D10D80F94A9F2DB4F044ADF3E53,SHA256=D464400643F3F335BDFC4DEBC0D46F0BC6C51BCCA03AFD25495D96740EFA3962,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241631Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.926{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22F343CB867F1182B88BAA99DA5A1F5E,SHA256=DFF60AA2D5B2A49A7CF9F7D8DABB32006892A1B4896AF78BA3E69E439868DD0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214725Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:55.197{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CD604011D9CE7E8C85A40E1AA631399,SHA256=EA82C120777E9B3A89440D8B9348F39F15594803CD66664C083BF8461C560019,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241630Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.734{6EDEAD03-E411-615E-E400-00000000FD01}43924420C:\Windows\System32\RuntimeBroker.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+3810b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76e7a|C:\Windows\System32\combase.dll+6dc4d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b283|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x8000000000000000241629Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.734{6EDEAD03-E411-615E-E400-00000000FD01}43924420C:\Windows\System32\RuntimeBroker.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+3810b|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76e7a|C:\Windows\System32\combase.dll+6dc4d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b283|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x8000000000000000241628Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.719{6EDEAD03-E411-615E-E400-00000000FD01}43924432C:\Windows\System32\RuntimeBroker.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+3810b|C:\Windows\System32\execmodelclient.dll+8e62|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000241627Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.719{6EDEAD03-E411-615E-E400-00000000FD01}43924432C:\Windows\System32\RuntimeBroker.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+3810b|C:\Windows\System32\execmodelclient.dll+8d5e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000241626Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.688{6EDEAD03-E412-615E-EE00-00000000FD01}49644160C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+15bf06|C:\Windows\System32\TwinUI.dll+83087|C:\Windows\System32\TwinUI.dll+bb7be|C:\Windows\System32\TwinUI.dll+bb789|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241625Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.688{6EDEAD03-E412-615E-EE00-00000000FD01}49644160C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+15bf06|C:\Windows\System32\TwinUI.dll+83087|C:\Windows\System32\TwinUI.dll+bb7be|C:\Windows\System32\TwinUI.dll+bb789|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241624Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.657{6EDEAD03-E411-615E-E400-00000000FD01}43924420C:\Windows\System32\RuntimeBroker.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+3810b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76e7a|C:\Windows\System32\combase.dll+6dc4d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b283|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x8000000000000000241623Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.656{6EDEAD03-E411-615E-E400-00000000FD01}43924420C:\Windows\System32\RuntimeBroker.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+3810b|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76e7a|C:\Windows\System32\combase.dll+6dc4d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b283|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x8000000000000000241622Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.633{6EDEAD03-E412-615E-EE00-00000000FD01}49645944C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+15bf06|C:\Windows\System32\TwinUI.dll+83087|C:\Windows\System32\TwinUI.dll+bb7be|C:\Windows\System32\TwinUI.dll+bb789|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241621Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.633{6EDEAD03-E412-615E-EE00-00000000FD01}49645944C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+15bf06|C:\Windows\System32\TwinUI.dll+83087|C:\Windows\System32\TwinUI.dll+bb7be|C:\Windows\System32\TwinUI.dll+bb789|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241620Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.633{6EDEAD03-E412-615E-EE00-00000000FD01}49645100C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+b6c18|C:\Windows\System32\TwinUI.dll+b7777|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+37c8f|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+34376|C:\Windows\System32\combase.dll+33b2a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000241619Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.633{6EDEAD03-E412-615E-EE00-00000000FD01}49645100C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+b6c18|C:\Windows\System32\TwinUI.dll+b7777|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+37c8f|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+34376|C:\Windows\System32\combase.dll+33b2a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000241618Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.618{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241617Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.618{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241616Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.618{6EDEAD03-E412-615E-EE00-00000000FD01}49646488C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+15bf06|C:\Windows\System32\TwinUI.dll+83087|C:\Windows\System32\TwinUI.dll+bb7be|C:\Windows\System32\TwinUI.dll+bb789|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241615Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.603{6EDEAD03-E412-615E-EE00-00000000FD01}49646488C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+15bf06|C:\Windows\System32\TwinUI.dll+83087|C:\Windows\System32\TwinUI.dll+bb7be|C:\Windows\System32\TwinUI.dll+bb789|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241614Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.603{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241613Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.603{6EDEAD03-E412-615E-EE00-00000000FD01}49646488C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+15bf06|C:\Windows\System32\TwinUI.dll+83087|C:\Windows\System32\TwinUI.dll+bb7be|C:\Windows\System32\TwinUI.dll+bb789|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241612Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.603{6EDEAD03-E412-615E-EE00-00000000FD01}49646488C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+15bf06|C:\Windows\System32\TwinUI.dll+83087|C:\Windows\System32\TwinUI.dll+bb7be|C:\Windows\System32\TwinUI.dll+bb789|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241611Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.588{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921408C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241610Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.588{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921408C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241609Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.588{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921408C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241608Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.588{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921408C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241607Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.588{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921408C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241606Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.588{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921408C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241605Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.588{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a384|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241604Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.588{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241603Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.588{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241602Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.588{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000241601Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.588{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000241600Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.588{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000241599Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.588{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241598Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.588{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241597Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.573{6EDEAD03-E1A0-615E-1600-00000000FD01}12802176C:\Windows\system32\svchost.exe{6EDEAD03-E8F7-615E-C201-00000000FD01}4312C:\Windows\System32\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241596Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.573{6EDEAD03-E1A0-615E-1600-00000000FD01}12801332C:\Windows\system32\svchost.exe{6EDEAD03-E8F7-615E-C201-00000000FD01}4312C:\Windows\System32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241595Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.474{6EDEAD03-E40D-615E-DD00-00000000FD01}27725988C:\Windows\system32\csrss.exe{6EDEAD03-E8F7-615E-C201-00000000FD01}4312C:\Windows\System32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241594Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.474{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241593Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.474{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241592Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.474{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241591Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.474{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241590Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.474{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E8F7-615E-C201-00000000FD01}4312C:\Windows\System32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241589Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.474{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E8F7-615E-C201-00000000FD01}4312C:\Windows\System32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+37172|c:\windows\system32\rpcss.dll+3df8d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241588Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:55.476{6EDEAD03-E8F7-615E-C201-00000000FD01}4312C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {24AC8F2B-4D4A-4C17-9607-6A4B14068F97} -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{6EDEAD03-E1A0-615E-0C00-00000000FD01}836C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 23542300x8000000000000000241651Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:56.937{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BAD515E6BCEE082103CA039743130D82,SHA256=07C077288963F62472127AE019DCAFACE5706D4D67B127AA2D8B11A83BC8BA93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214726Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:56.196{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB7F870E81571B89D4B4586EC7FB74BC,SHA256=3A63E2F4013DD38EF7C71FE3C528EBA9D0E3E663D143311026F50F20CD40503D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241650Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:56.592{6EDEAD03-E8E2-615E-C101-00000000FD01}4684ATTACKRANGE\AdministratorC:\Program Files\Notepad++\notepad++.exeC:\Users\Administrator\AppData\Roaming\Notepad++\backup\AttackRangeSysmon.xml@2021-10-07_123242MD5=DDB423FB598673DB2C99682BCE566A93,SHA256=6D2637A7F4C93D06FB81CFA8CE5427FC30F3C66652D0C098B37BD171E6F2F8FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241649Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:56.477{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FBC80124578B02DE50DD4ADC5085AEE4,SHA256=259DBF775BBAEF078B8AB9A7FC45DA527868D9201552F246978DA2CD2C851739,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241648Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:56.477{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3181208741A50F610FD74E61FAC4793D,SHA256=C9BF1638D22F0FDF51BB39C53342975DD8BA962A7FA4C665BD123E3B578CD64C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241647Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:56.462{6EDEAD03-E412-615E-EE00-00000000FD01}49645100C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+b6c18|C:\Windows\System32\TwinUI.dll+b7777|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+37c8f|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+34376|C:\Windows\System32\combase.dll+33b2a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000241646Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:56.462{6EDEAD03-E412-615E-EE00-00000000FD01}49645100C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+b6c18|C:\Windows\System32\TwinUI.dll+b7777|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+37c8f|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+34376|C:\Windows\System32\combase.dll+33b2a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000241645Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:56.460{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241644Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:56.460{6EDEAD03-E412-615E-EE00-00000000FD01}49646696C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+15bf06|C:\Windows\System32\TwinUI.dll+83087|C:\Windows\System32\TwinUI.dll+bb7be|C:\Windows\System32\TwinUI.dll+bb789|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241643Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:56.460{6EDEAD03-E412-615E-EE00-00000000FD01}49646696C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+15bf06|C:\Windows\System32\TwinUI.dll+83087|C:\Windows\System32\TwinUI.dll+bb7be|C:\Windows\System32\TwinUI.dll+bb789|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241642Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:56.459{6EDEAD03-E412-615E-EE00-00000000FD01}49646224C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+15bf06|C:\Windows\System32\TwinUI.dll+83087|C:\Windows\System32\TwinUI.dll+bb7be|C:\Windows\System32\TwinUI.dll+bb789|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241641Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:56.458{6EDEAD03-E412-615E-EE00-00000000FD01}49646224C:\Windows\Explorer.EXE{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+15bf06|C:\Windows\System32\TwinUI.dll+83087|C:\Windows\System32\TwinUI.dll+bb7be|C:\Windows\System32\TwinUI.dll+bb789|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241640Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:56.457{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241639Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:56.455{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241638Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:56.455{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241637Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:56.455{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241636Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:56.436{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241635Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:56.436{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241634Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:56.436{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241633Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:56.436{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8E2-615E-C101-00000000FD01}4684C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241654Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:57.939{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DDF30F9BCC588438BA897622D618001,SHA256=C3FE91EBF3D8F3C4C45DC9AF7025D08ADB7D5C3A5516378208BE59CFAE838CF4,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214728Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:54.819{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50080-false10.0.1.12-8000- 23542300x8000000000000000214727Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:57.400{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FDC8BDCA99A3DB862D8BA55D77FA4570,SHA256=4D30E88AA0AD4B04C7D24B0C26C83911F80EBD1B577D7052D8B1E750705DEE96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241653Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:57.223{6EDEAD03-E8E2-615E-C101-00000000FD01}4684ATTACKRANGE\AdministratorC:\Program Files\Notepad++\notepad++.exeC:\Users\Administrator\AppData\Roaming\Notepad++\backup\AttackRangeSysmon.xml@2021-10-07_123242MD5=F8DED298382DE9272E691CC63A5796D4,SHA256=BB690400D9D3426D8D2F56CA9B303BD2987A6E47EFCF668B5CBCCF5B8DE8E40D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241652Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:57.193{6EDEAD03-E8E2-615E-C101-00000000FD01}4684ATTACKRANGE\AdministratorC:\Program Files\Notepad++\notepad++.exeC:\Program Files\ansible\AttackRangeSysmon.xmlMD5=03CD21CF35234D49020D4563C18D30D9,SHA256=CB16EA04EAED6CE6D5C25447E773904987CB562D178EB5956FD35FBE2FA69CAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241656Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:58.943{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D0EBB9915AE861B50EF9E072C0ABCBE,SHA256=F54DD9172B09CC67E666CF0C9730A0ADA5D5B560D21E06D23987E4409D14CACA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214729Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:58.400{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EE582EBD4E4F3DA3EDCC86868683F38,SHA256=0F59167CE88327A334579B46E5A45402CA8045F9C28BFAF086CD9469EE979B44,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241655Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:57.011{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56501-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000241657Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:32:59.961{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CADD23836225950F276FBD7507B375B2,SHA256=59E4CF9A006AAB6FB6AA697AEF760F02100358DA8A5B367852B02C07D7F4E518,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214730Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:32:59.400{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8479DBB98354836BF97124F38B83DC58,SHA256=47074A8B3B018F247AE8F160CC9B0DC1B0BD48FCCC3E95F31B137145BB8780B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241658Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:00.982{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE426552979327CB501F288D94FE3F33,SHA256=A0832BC4F4D89B9450A45BCA7FA29C08164995880C4B16016C098ECFB93BF1BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214731Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:00.478{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=95FE4BEA6A15CA1219B13759392E7215,SHA256=86F4A52AB90DBFA867E1287A478875258C9F60C5F84D9B6D37AA6C75541CBAAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214732Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:01.603{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5CB4455205DDED35161E6534BE162D4C,SHA256=A5DCE0B6D65098E05E8FBF8320150023E535C7BF1B062FB0DAA4C0074D223652,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241671Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:01.844{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000241670Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:01.844{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000241669Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:01.844{6EDEAD03-E1A0-615E-0C00-00000000FD01}836868C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000241668Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:01.844{6EDEAD03-E1A0-615E-0C00-00000000FD01}836868C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000241667Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:01.844{6EDEAD03-E1A0-615E-0C00-00000000FD01}836868C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000241666Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:01.844{6EDEAD03-E411-615E-E500-00000000FD01}44846884C:\Windows\system32\sihost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+37dac|C:\Windows\System32\modernexecserver.dll+37d4f|C:\Windows\System32\modernexecserver.dll+375a6|C:\Windows\System32\modernexecserver.dll+1a1c4|C:\Windows\System32\modernexecserver.dll+3191d|C:\Windows\System32\modernexecserver.dll+32871|C:\Windows\System32\modernexecserver.dll+3278f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241665Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:01.781{6EDEAD03-E1A0-615E-0C00-00000000FD01}836868C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000241664Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:01.781{6EDEAD03-E1A0-615E-0C00-00000000FD01}836868C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000241663Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:01.781{6EDEAD03-E1A0-615E-0C00-00000000FD01}836868C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000241662Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:01.266{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000241661Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:01.266{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000241660Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:01.265{6EDEAD03-E1A0-615E-0C00-00000000FD01}836868C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000241659Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:01.264{6EDEAD03-E1A0-615E-0C00-00000000FD01}836868C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 23542300x8000000000000000214733Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:02.618{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBD50560F1CA1A933E2F03258A14901C,SHA256=28AF0D6593167CB410031B19764745B6FFBE39197802DE1665390A8047314DE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241672Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:02.012{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2872A552263634F2DFFDBB7C2AAAB1E6,SHA256=EC863E0A59C981C0285B91CB3D2A893323E332B58193D0F0FD58E34B8C7BFB2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214734Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:03.634{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC5CE629FF8FE8D60ECF3EB74608B266,SHA256=6EA083514F2A1054CBBF9ABA3DE648102FF9D6497FD65A4A0B660811D54FC9DA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241697Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.527{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241696Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.527{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241695Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.527{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241694Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.527{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241693Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.512{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241692Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.465{6EDEAD03-E412-615E-EE00-00000000FD01}49642252C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241691Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.465{6EDEAD03-E412-615E-EE00-00000000FD01}49642252C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241690Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.465{6EDEAD03-E412-615E-EE00-00000000FD01}49642252C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241689Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.463{6EDEAD03-E412-615E-EE00-00000000FD01}49642252C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241688Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.458{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241687Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.443{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241686Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.443{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241685Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.443{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241684Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.427{6EDEAD03-E1A0-615E-1600-00000000FD01}12802176C:\Windows\system32\svchost.exe{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241683Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.427{6EDEAD03-E1A0-615E-1600-00000000FD01}12801332C:\Windows\system32\svchost.exe{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241682Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.427{6EDEAD03-E8FF-615E-C401-00000000FD01}61361536C:\Windows\system32\conhost.exe{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241681Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.411{6EDEAD03-E40D-615E-DD00-00000000FD01}27725988C:\Windows\system32\csrss.exe{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241680Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.411{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241679Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.411{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241678Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.411{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241677Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.411{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241676Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.411{6EDEAD03-E40D-615E-DD00-00000000FD01}27722172C:\Windows\system32\csrss.exe{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241675Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.411{6EDEAD03-E412-615E-EE00-00000000FD01}49646624C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+a909f|C:\Windows\System32\windows.storage.dll+a8d15|C:\Windows\System32\windows.storage.dll+a8806|C:\Windows\System32\windows.storage.dll+a9c78|C:\Windows\System32\windows.storage.dll+a862e|C:\Windows\System32\windows.storage.dll+ab445|C:\Windows\System32\windows.storage.dll+ab7c4|C:\Windows\System32\windows.storage.dll+204ae4|C:\Windows\System32\windows.storage.dll+ad62a|C:\Windows\System32\windows.storage.dll+ad3e2|C:\Windows\System32\SHELL32.dll+3f8bd|C:\Windows\System32\SHELL32.dll+3e456|C:\Windows\System32\SHELL32.dll+801d1|C:\Windows\System32\SHELL32.dll+6716e|C:\Windows\System32\SHELL32.dll+1757a0|C:\Windows\System32\SHELL32.dll+17c27c|C:\Windows\System32\SHELL32.dll+19ea38|C:\Windows\System32\SHELL32.dll+17c416|C:\Windows\system32\explorerframe.dll+13cf7b|C:\Windows\system32\explorerframe.dll+139d07 154100x8000000000000000241674Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.418{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /s /k pushd "C:\Program Files\ansible\sysmon"C:\Windows\system32\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x8000000000000000241673Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:03.027{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F55BF2FFE2666FF62548E2EE77A1688,SHA256=635D7EA2DE4A58A351F3F16E1436B8E52654D1EC12DD27542F787C6A974A22BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214736Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:04.634{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C1806593696FDDBE94F881F6283436D,SHA256=2B923BA62036CC34AF5A5C51343214DE1DC9438AC1CA57E58E9BE721FAE139E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241701Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:04.412{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=43904ECEEAA3E7433418D952CB47A0B9,SHA256=DF2EB5FADB25B6FEEF67ED3FAF73D83A918EFF54C596F03B970A83B9EADCFE17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241700Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:04.412{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FBC80124578B02DE50DD4ADC5085AEE4,SHA256=259DBF775BBAEF078B8AB9A7FC45DA527868D9201552F246978DA2CD2C851739,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241699Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:02.115{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56502-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000241698Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:04.027{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C775FABD69360D8469D5AB4BDBA30ABC,SHA256=4B79F8BC8C694E086B947B1F5EEB0A793205EA0CA64C29B221E80D6073926FAD,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214735Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:00.773{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50081-false10.0.1.12-8000- 23542300x8000000000000000214737Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:05.634{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E97E810A87291569CD02C8669CD80D0,SHA256=1FB643D3BD11CE7228771570AD15806C4C7211220FAD5F2ED5F5FEF0AFBFB8DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241702Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:05.062{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9859E0C92C7BAD2DB62F6E4B10E9ED31,SHA256=6CD32484E7B2637BA96784FC2D78F181935A46BCEE5C9BF5EAC8BBA887F1F8C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214738Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:06.774{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65C8AF90DCF49650BE1A061C8F0A3F1A,SHA256=3E319D922CA1E680AD427B6D4F7423EFADFE58337A1D826B081144694C3C8ABD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241719Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:06.964{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E902-615E-C601-00000000FD01}6892C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241718Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:06.963{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241717Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:06.962{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241716Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:06.962{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241715Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:06.962{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241714Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:06.962{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E902-615E-C601-00000000FD01}6892C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241713Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:06.962{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E902-615E-C601-00000000FD01}6892C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241712Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:06.961{6EDEAD03-E902-615E-C601-00000000FD01}6892C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000241711Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:06.279{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E902-615E-C501-00000000FD01}6712C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241710Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:06.279{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241709Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:06.279{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241708Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:06.279{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241707Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:06.279{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241706Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:06.279{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E902-615E-C501-00000000FD01}6712C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241705Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:06.279{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E902-615E-C501-00000000FD01}6712C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241704Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:06.280{6EDEAD03-E902-615E-C501-00000000FD01}6712C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000241703Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:06.095{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11125C8C3829D9D258E438255AAADD3D,SHA256=AE1E42768872A36C99E11FE58F320319C77390D262C9B17D1F11125B2AAA8F0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214739Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:07.790{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5B6BB8A7C14EB8106E5067356B39CC1,SHA256=8898975071596B0C75FCFE0936159167B2A2A7C4B87D4942F3CEACB776527BA1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241732Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:06.664{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56503-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000241731Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:06.664{6EDEAD03-E1B1-615E-2B00-00000000FD01}2968C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56503-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 10341000x8000000000000000241730Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:07.630{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E903-615E-C701-00000000FD01}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241729Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:07.630{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241728Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:07.630{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241727Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:07.630{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241726Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:07.630{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241725Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:07.630{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E903-615E-C701-00000000FD01}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241724Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:07.630{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E903-615E-C701-00000000FD01}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241723Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:07.631{6EDEAD03-E903-615E-C701-00000000FD01}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000241722Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:07.283{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=43904ECEEAA3E7433418D952CB47A0B9,SHA256=DF2EB5FADB25B6FEEF67ED3FAF73D83A918EFF54C596F03B970A83B9EADCFE17,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241721Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:07.213{6EDEAD03-E902-615E-C601-00000000FD01}68926996C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241720Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:07.129{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C75325F071311FF4724C9357F9392F85,SHA256=D8C215541162476595B2D67FF77DAB66A8844D541F22849E42328EE3A7E5B4B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214740Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:08.806{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B7471318489D07DA469F30B5EEDF8FC,SHA256=D4DB5602CEF4FC31B3A577D7F6D184191EF96E012E0476D09AF0408127FA7EAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241734Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:08.631{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=44E35D8226E0CA1D823E39F51B0193EF,SHA256=EC4F64A9E58685593024CEBADF9D355CC2B4F132A8117B8FC9593D8BDD20855C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241733Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:08.129{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=024B7D1792C25A79C0B6B156D2ABC9DD,SHA256=DE4FCA045B634652084BE8AB7B33B27615CC28AEF48298015056902FCF0CCF06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214741Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:09.806{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15E5048213849304201CDB486EB0C5CC,SHA256=2A6696000599C42D2BEC220C14118A68559021BC53820398F53FFE9CD873AA16,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241743Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:09.785{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E905-615E-C801-00000000FD01}6728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241742Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:09.785{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241741Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:09.785{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241740Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:09.785{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241739Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:09.785{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241738Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:09.785{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E905-615E-C801-00000000FD01}6728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241737Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:09.785{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E905-615E-C801-00000000FD01}6728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241736Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:09.785{6EDEAD03-E905-615E-C801-00000000FD01}6728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000241735Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:09.130{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98AE8E4D32F3CB501FEE00A1A752E87E,SHA256=C9AD1132B011D582CF9D265AC3446CBA43FF23D516E67E138FB70B971A062836,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214743Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:10.806{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=189873E1A496653EF568CC93A9A17FBA,SHA256=47D23BEBB1E85AD2C887702B6C623E85A83D925D9484084F3AE17817FB916DC5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241772Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.869{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E906-615E-CA01-00000000FD01}7004C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241771Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.866{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241770Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.866{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241769Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.865{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241768Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.865{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241767Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.865{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E906-615E-CA01-00000000FD01}7004C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241766Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.865{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E906-615E-CA01-00000000FD01}7004C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241765Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.865{6EDEAD03-E906-615E-CA01-00000000FD01}7004C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000241764Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.832{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241763Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.832{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241762Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.832{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241761Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.816{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241760Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.816{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241759Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.816{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241758Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.816{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241757Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.801{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=27398233E800FC4AF5FACFED20F27B71,SHA256=0765C76D458E30A0D4B0D916CDBA71625EC630B3BA678A033E5D4793F96CB315,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241756Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.570{6EDEAD03-E412-615E-EE00-00000000FD01}49646624C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\ole32.dll+8a12e|C:\Windows\System32\ole32.dll+89a2b|C:\Windows\System32\ole32.dll+88be7|C:\Windows\System32\ole32.dll+8c817|C:\Windows\System32\SHELL32.dll+2c8e7d|C:\Windows\System32\SHELL32.dll+283a3e|C:\Windows\system32\explorerframe.dll+b29b9|C:\Windows\system32\DUI70.dll+48b9d|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\System32\DUser.dll+9f5a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+4f50e|C:\Windows\system32\explorerframe.dll+4d2f6|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+1aced|C:\Windows\system32\explorerframe.dll+1ac26|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9 10341000x8000000000000000241755Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.570{6EDEAD03-E412-615E-EE00-00000000FD01}49646624C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\ole32.dll+b5f02|C:\Windows\System32\ole32.dll+899f9|C:\Windows\System32\ole32.dll+88be7|C:\Windows\System32\ole32.dll+8c817|C:\Windows\System32\SHELL32.dll+2c8e7d|C:\Windows\System32\SHELL32.dll+283a3e|C:\Windows\system32\explorerframe.dll+b29b9|C:\Windows\system32\DUI70.dll+48b9d|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\System32\DUser.dll+9f5a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+4f50e|C:\Windows\system32\explorerframe.dll+4d2f6|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+1aced|C:\Windows\system32\explorerframe.dll+1ac26|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9 10341000x8000000000000000241754Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.448{6EDEAD03-E412-615E-EE00-00000000FD01}49646624C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\ole32.dll+8a220|C:\Windows\System32\ole32.dll+8c32e|C:\Windows\System32\ole32.dll+8c7fb|C:\Windows\System32\SHELL32.dll+2c8e7d|C:\Windows\System32\SHELL32.dll+283a3e|C:\Windows\system32\explorerframe.dll+b29b9|C:\Windows\system32\DUI70.dll+48b9d|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\System32\DUser.dll+9f5a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+4f50e|C:\Windows\system32\explorerframe.dll+4d2f6|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+1aced|C:\Windows\system32\explorerframe.dll+1ac26|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+5888a 10341000x8000000000000000241753Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.434{6EDEAD03-E412-615E-EE00-00000000FD01}49646624C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\system32\dataexchange.dll+a087|C:\Windows\System32\ole32.dll+8c1a5|C:\Windows\System32\ole32.dll+8c7fb|C:\Windows\System32\SHELL32.dll+2c8e7d|C:\Windows\System32\SHELL32.dll+283a3e|C:\Windows\system32\explorerframe.dll+b29b9|C:\Windows\system32\DUI70.dll+48b9d|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\System32\DUser.dll+9f5a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+4f50e|C:\Windows\system32\explorerframe.dll+4d2f6|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+1aced 10341000x8000000000000000241752Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.385{6EDEAD03-E1A0-615E-1600-00000000FD01}12802176C:\Windows\system32\svchost.exe{6EDEAD03-E906-615E-C901-00000000FD01}1560C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241751Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.385{6EDEAD03-E1A0-615E-1600-00000000FD01}12801332C:\Windows\system32\svchost.exe{6EDEAD03-E906-615E-C901-00000000FD01}1560C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241750Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.370{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E906-615E-C901-00000000FD01}1560C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241749Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.348{6EDEAD03-E40D-615E-DD00-00000000FD01}27725988C:\Windows\system32\csrss.exe{6EDEAD03-E906-615E-C901-00000000FD01}1560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241748Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.348{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E906-615E-C901-00000000FD01}1560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241747Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.348{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E906-615E-C901-00000000FD01}1560C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+366e9|c:\windows\system32\rpcss.dll+3bed2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241746Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.148{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6906F99110C3BE2684B5391F24E5076A,SHA256=C271ECDF6A30D8C3E31C070331E977601E7CC3193C3DF57F3963BC37AE453366,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214742Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:06.663{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50082-false10.0.1.12-8000- 10341000x8000000000000000241745Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:10.065{6EDEAD03-E905-615E-C801-00000000FD01}67282864C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000241744Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:07.967{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56504-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000214744Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:11.806{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B6E180DC54D2599E12ECE1FB40F32EDB,SHA256=686C683F9D2DC099DEA2BF27BD3B68D102431A70FC025E4950EEE0BA387E91C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241805Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.871{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FAFFBF18A76BA6969AE773209EC8D381,SHA256=C400D0FB0A80BEC0FACC5E5511DD9136154A074E28FE43F6365F0818F03EA85C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241804Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.836{6EDEAD03-E907-615E-CC01-00000000FD01}56646664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000241803Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:33:11.617{6EDEAD03-E907-615E-CB01-00000000FD01}5364C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\ConfigHashSHA256=BB690400D9D3426D8D2F56CA9B303BD2987A6E47EFCF668B5CBCCF5B8DE8E40D 13241300x8000000000000000241802Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:33:11.617{6EDEAD03-E907-615E-CB01-00000000FD01}5364C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\ConfigFileC:\Program Files\ansible\AttackRangeSysmon.xml 16341600x8000000000000000241801Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local2021-10-07 12:33:11.617C:\Program Files\ansible\AttackRangeSysmon.xmlSHA256=BB690400D9D3426D8D2F56CA9B303BD2987A6E47EFCF668B5CBCCF5B8DE8E40D 13241300x8000000000000000241800Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:33:11.601{6EDEAD03-E907-615E-CB01-00000000FD01}5364C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\RulesBinary Data 13241300x8000000000000000241799Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:33:11.601{6EDEAD03-E907-615E-CB01-00000000FD01}5364C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\DnsLookupBinary Data 13241300x8000000000000000241798Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:33:11.601{6EDEAD03-E907-615E-CB01-00000000FD01}5364C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\CheckRevocationBinary Data 13241300x8000000000000000241797Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:33:11.601{6EDEAD03-E907-615E-CB01-00000000FD01}5364C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\HashingAlgorithmDWORD (0x8000000e) 13241300x8000000000000000241796Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:33:11.601{6EDEAD03-E907-615E-CB01-00000000FD01}5364C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\OptionsDWORD (0x00000007) 12241200x8000000000000000241795Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-DeleteValue2021-10-07 12:33:11.601{6EDEAD03-E907-615E-CB01-00000000FD01}5364C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\Rules 12241200x8000000000000000241794Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-DeleteValue2021-10-07 12:33:11.601{6EDEAD03-E907-615E-CB01-00000000FD01}5364C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\DnsLookup 12241200x8000000000000000241793Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-DeleteValue2021-10-07 12:33:11.601{6EDEAD03-E907-615E-CB01-00000000FD01}5364C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\CheckRevocation 12241200x8000000000000000241792Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-DeleteValue2021-10-07 12:33:11.601{6EDEAD03-E907-615E-CB01-00000000FD01}5364C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\HashingAlgorithm 12241200x8000000000000000241791Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-DeleteValue2021-10-07 12:33:11.601{6EDEAD03-E907-615E-CB01-00000000FD01}5364C:\Program Files\ansible\sysmon\Sysmon64.exeHKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\Options 10341000x8000000000000000241790Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.532{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E907-615E-CC01-00000000FD01}5664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241789Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.532{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241788Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.532{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241787Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.532{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E907-615E-CC01-00000000FD01}5664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241786Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.532{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241785Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.532{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241784Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.532{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E907-615E-CC01-00000000FD01}5664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241783Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.536{6EDEAD03-E907-615E-CC01-00000000FD01}5664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000241782Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.500{6EDEAD03-E8FF-615E-C401-00000000FD01}61361536C:\Windows\system32\conhost.exe{6EDEAD03-E907-615E-CB01-00000000FD01}5364C:\Program Files\ansible\sysmon\Sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241781Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.500{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241780Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.500{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241779Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.500{6EDEAD03-E40D-615E-DD00-00000000FD01}27725988C:\Windows\system32\csrss.exe{6EDEAD03-E907-615E-CB01-00000000FD01}5364C:\Program Files\ansible\sysmon\Sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241778Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.500{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241777Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.500{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241776Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.500{6EDEAD03-E8FF-615E-C301-00000000FD01}69244464C:\Windows\system32\cmd.exe{6EDEAD03-E907-615E-CB01-00000000FD01}5364C:\Program Files\ansible\sysmon\Sysmon64.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+1ace3|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241775Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.470{6EDEAD03-E907-615E-CB01-00000000FD01}5364C:\Program Files\ansible\sysmon\Sysmon64.exe13.01System activity monitorSysinternals SysmonSysinternals - www.sysinternals.com-Sysmon64.exe -c "C:\Program Files\ansible\AttackRangeSysmon.xml"C:\Program Files\ansible\sysmon\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332HighMD5=8A914CFB7496B8461285C009DD8F5627,SHA256=422EC998FED690C2EC3239A4BB80075F098A9A95CBDFFBC873365B9F7136A02A,IMPHASH=DCF866F4139DD7FF6C0A5D4FA050CD7A{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Program Files\ansible\sysmon" 23542300x8000000000000000241774Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.332{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9A74832207AA944B7C756AE99117832,SHA256=22A2596819009AC0BEFF4533AD4BAD45DC08ADC1DED0CA97B974BE5485D24A78,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241773Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:11.147{6EDEAD03-E906-615E-CA01-00000000FD01}70045208C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214745Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:12.806{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C927E6F36BDC4C7E8598429B3631862,SHA256=9D00761F2B51924B992054DF13B64EE88F0E21E19373576E322A1C840D483B35,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000241815Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:33:12.866{6EDEAD03-E1A0-615E-1100-00000000FD01}424C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7bb77-0x7e81fda2) 23542300x8000000000000000241814Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:12.588{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE927DF2FCCBE9D74229E83E2671CA79,SHA256=BA5D2932EAC04F0EBE8D3E7B1A163881490720AA1B4B54C985AB7394ECBE47DB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241813Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:12.519{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E908-615E-CD01-00000000FD01}6784C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241812Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:12.519{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241811Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:12.519{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241810Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:12.519{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241809Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:12.519{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241808Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:12.519{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E908-615E-CD01-00000000FD01}6784C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241807Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:12.519{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E908-615E-CD01-00000000FD01}6784C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241806Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:12.520{6EDEAD03-E908-615E-CD01-00000000FD01}6784C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214746Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:13.821{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=95BC07B2357104B77A7F49AA31EDA57A,SHA256=FAAFB9E408ADC3AE26613784E635C3945AF27DFE578757D91D59CF2303C2F9FD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241819Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:13.919{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e03230|C:\Program Files\Mozilla Firefox\xul.dll+2e1cdda|C:\Program Files\Mozilla Firefox\xul.dll+2dfc569|C:\Program Files\Mozilla Firefox\xul.dll+2dfc285|C:\Program Files\Mozilla Firefox\xul.dll+2dfff2b|C:\Program Files\Mozilla Firefox\xul.dll+2e17fad|C:\Program Files\Mozilla Firefox\xul.dll+2e24278|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80 10341000x8000000000000000241818Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:13.919{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e03230|C:\Program Files\Mozilla Firefox\xul.dll+2e1cdda|C:\Program Files\Mozilla Firefox\xul.dll+2dfc569|C:\Program Files\Mozilla Firefox\xul.dll+2dfc285|C:\Program Files\Mozilla Firefox\xul.dll+2dfff2b|C:\Program Files\Mozilla Firefox\xul.dll+2e17fad|C:\Program Files\Mozilla Firefox\xul.dll+2e24278|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80 23542300x8000000000000000241817Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:13.519{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D0967E0C2CFBD99B8C5040B4FB50FDD,SHA256=5AB9BC5EF44FAB158D03AD6368B7431F1A230947D1DBA162E1D79AECF50F6BA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241816Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:13.519{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1C100A9C62E39323946078BB7D786022,SHA256=8E56CF513751E63B3DB6B250E0ABE75A5061447837F46595177E4E2B17628908,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214748Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:14.821{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E6103D8650592B899912D1EA52AEBE5,SHA256=74DD45F7BEFF114A0DF223E94CB0CA9214787D085608037C6C4D04EA7124038A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241825Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:14.819{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+93f6c9|C:\Program Files\Mozilla Firefox\xul.dll+93f5ea|C:\Program Files\Mozilla Firefox\xul.dll+93f1d9|C:\Program Files\Mozilla Firefox\xul.dll+93b2df|C:\Program Files\Mozilla Firefox\xul.dll+93b5ec|C:\Program Files\Mozilla Firefox\xul.dll+a8e26a|C:\Program Files\Mozilla Firefox\xul.dll+2ced09|C:\Program Files\Mozilla Firefox\xul.dll+2cec14|C:\Program Files\Mozilla Firefox\xul.dll+2ce9fd|C:\Program Files\Mozilla Firefox\xul.dll+2ce894|C:\Program Files\Mozilla Firefox\xul.dll+ab5763|C:\Program Files\Mozilla Firefox\xul.dll+ab60f1|C:\Program Files\Mozilla Firefox\xul.dll+ab545d|C:\Program Files\Mozilla Firefox\xul.dll+ab4662|C:\Program Files\Mozilla Firefox\xul.dll+adbd21|C:\Program Files\Mozilla Firefox\xul.dll+19842fd|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4 10341000x8000000000000000241824Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:14.819{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241823Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:14.819{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241822Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:14.819{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241821Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:14.520{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46C849CDE241F0048F6D85CE21F40576,SHA256=45384088FD505220C609FD04E9CDA1A9A62E9A459A7EFEDB8B475FF5E6AC2685,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214747Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:11.695{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50083-false10.0.1.12-8000- 23542300x8000000000000000241820Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:14.010{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214749Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:15.821{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E41CD07567AB7D8835E2B0FEFFC180D,SHA256=ECBCB2A4BEE3F9A0E384A230BE31C1A753A05CAC1E9BB3E1A764D22A9F248437,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241828Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:15.535{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA08DDEA4C5B716EE328DE86104D3DF9,SHA256=28F671AC82161343BBA81938E942DCE234F2334B86CB1E50334661EE10D5B0B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241827Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:15.051{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\10728MD5=D4A11B24E28DDB27F9628E0713244E7E,SHA256=0D65996F1AB06B62EFE7243A3E4C2DBB7D20A39F6D7ED9945244EC65554FDD1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241826Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:15.051{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\25131MD5=882AAA39D1D440A9A59DE640085F8773,SHA256=D01C0A3A5C2A287468DD4EA29B27A69B94670DC3FCCFB6A733D5B50381056867,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214750Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:16.821{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48C6447DBA5D539DA898250513B624FF,SHA256=C684536CAE6A266E38A2BC8A3A7ADC37C38CCD709A34527DD1141755AB8608ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241830Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:16.550{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8232581BD7E583E0089D78246F2956AB,SHA256=804760EC9C3F330BAD00064945863E9E2FF410918C8DF2B2E40AEFCD2D15C323,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241829Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:13.954{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56505-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000214751Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:17.821{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97BE3F51287B46AE1770B93A1BC3283A,SHA256=61EF481A88C582A499E17DFFD9D079AD8DA7BA5F628CE73BAFB57F4ED6EF5939,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241831Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:17.568{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B83B73343CB2F34F0597F9D02C6DAD8,SHA256=8DE2CA15B7821C7881416785157F3280F55FD763A3D1BBA364DC3E2FAB83F3D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214752Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:18.821{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE5164B1DCA74AFE2DA94ACA98FF2B9A,SHA256=5FC6EE2F96666986A7C6C08CDAA96F8BAB335E1857E760B99B996E96023802C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241832Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:18.587{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4488F1DAF79A7B45DD9CF5AE0311A03,SHA256=83130D467F1C7F4ADCD655C572064A502AEAFB55007DD6C337EEFC7F3BA1979E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214753Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:19.821{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4382BC14D3B78F89613EAAD005785CD3,SHA256=1392CCFDA9C387C7DF8406B367E89791C8F57A147A3F42A6DB906930635FEFC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241833Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:19.617{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFC42E92FEFF24341B60DEEEF4D47F92,SHA256=00F3C013F176E5482877EAF14069296859C88BF4235AC4219F5AC026B646B940,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241841Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:20.634{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08F7C77BBD2F0B8F620BFDECE2B925C4,SHA256=6E435A0863D6872C0B23F47E854F6E3FF808785547058E17B4D10BFF65116527,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214755Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:20.837{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47F4FE30B99CBD8543A633933689649B,SHA256=E17CC03E7729BD5C896ECBE9DAEC1CF5454F1E1CCE3CD94575A9D96E80A0A340,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214754Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:17.695{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50084-false10.0.1.12-8000- 10341000x8000000000000000241840Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:20.569{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241839Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:20.568{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241838Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:20.568{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241837Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:20.518{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241836Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:20.518{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241835Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:20.518{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241834Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:20.518{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214756Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:21.852{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2D34287B8E7073C20691A1FE86AB81A,SHA256=0BAB08A5D531E8BE6F57C503C8F0F5E5CF782A38EC3B9B1AEA2B36324E8C18AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241843Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:21.650{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=374066F050D934A7A680F6610770DD46,SHA256=33BD88AE7454D2532CD2E5F9C355A05936D4E5ADDA96E411D475EC31B9C162A3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241842Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:19.052{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56506-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000214757Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:22.854{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B4AF11AFB62532DFCE2D2F5434F91EE,SHA256=52ED63BA5D9123889C9FDD155478852C572795D5BEAFC259478F795C9F8BA106,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241844Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:22.668{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88E3B4D2A7DFDF3FB6B66254BA9F49E0,SHA256=2E91B7BDF503338113F7D47B4E5E909E02A1E02D5B97010A731CCEFC03931EE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214759Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:23.868{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C66B4D7F34F03702F17A8DB8C153F3D3,SHA256=0BD5220E9572F1D82A77DECCFF43C849C1E4F400A5CDB93CF0C825EA22807174,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241845Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:23.686{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7437396582242FC188F815A512F08146,SHA256=A424F8F2822D51577499CF2EFA963AB14E5244B3F8A012D2EF7CA3CC15E6A1A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214758Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:23.309{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211007120136-030MD5=9D4F391515175B78F973C8B5B774DE70,SHA256=E6B13D39A78F2A37A848863A5E3913D5FD4B55347F92E521523460DA93139266,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241853Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:24.688{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF51B139EDB3799748269EBEF448E398,SHA256=27F7EB71461AE7652E492C9A4F5C81776672E09455FA18DB41C9395F1BED0F47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214761Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:24.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C82C7BE877DBFDA1781F78DAA739302,SHA256=CFC3FA15E37DCAF23D1FB4ABA947D3BFDDD9644D8DB12FDC87CC6FBFF9F230B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214760Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:24.322{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211007120134-031MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241852Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:24.070{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241851Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:24.070{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241850Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:24.070{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241849Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:24.070{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241848Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:24.070{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241847Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:24.070{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241846Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:24.070{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8B4-615E-B701-00000000FD01}3864C:\Windows\regedit.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241854Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:25.688{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F592C5CB7F6C0D57F6C1E47F861578B,SHA256=CD6A26D5544317055877268CB621A6CB8589A58B5B6A22278F70E41F8E611493,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214763Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:25.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A32A1BFF82645B04A848B1BCBED24C91,SHA256=AB32789C92B67F61EC8EA1EC1B813DAFA7F68DE0089BAB8D5B79F4041C4F5EEA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214762Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:22.789{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50085-false10.0.1.12-8000- 23542300x8000000000000000214764Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:26.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50D166115646A93DE7E2C7583CA70EFD,SHA256=9D00605C07B023D3A9BE8D07C32FB5EBA77EDE39FC6FB1224F48443E67895C67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241856Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:26.704{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B176AFD5881892349B27F118A3F3D40,SHA256=35DD3EA77E67DB13DB4AD0A4A2D1B51393F05ACDEC43C07E7C01488287526D37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241855Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:26.035{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241858Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:27.719{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F601B7C99B79CCC01502242B4D24CAF,SHA256=E219A95817C253E7DAA5B51203A1815E7C53944E660B4A3BF06478F2AD069E00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214765Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:27.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A64046131928EF294C5BA0E1BCA3A2E,SHA256=2FA620046C45A6670A33DD651307A01F5824A789CE62B879C94557987FDCDBD6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241857Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:25.053{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56507-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000241865Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:28.751{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82A006D792388F858BF4FDB4068F0E39,SHA256=A01B2F39C2279BACBCFE4CC9CD02F385F9C9597B3B179C9972570FF54A5406AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214766Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:28.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BCF1B2EA817378160193BE6319377611,SHA256=E7B50AA01A8695A8BC8FADD7BC8D27CD59B59EABF46DC81456E984AC680D065C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241864Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:28.719{6EDEAD03-E412-615E-EE00-00000000FD01}49645072C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+55a10|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF8018E0DB8A8)|UNKNOWN(FFFFFC203A2A5B48)|UNKNOWN(FFFFFC203A2A5CC7)|UNKNOWN(FFFFFC203A2A0351)|UNKNOWN(FFFFFC203A2A1D1A)|UNKNOWN(FFFFFC203A29FFD6)|UNKNOWN(FFFFF8018DDF3103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5927b|C:\Windows\System32\SHELL32.dll+dac2a|C:\Windows\System32\SHCORE.dll+33fad 10341000x8000000000000000241863Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:28.719{6EDEAD03-E412-615E-EE00-00000000FD01}49645072C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+554f1|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF8018E0DB8A8)|UNKNOWN(FFFFFC203A2A5B48)|UNKNOWN(FFFFFC203A2A5CC7)|UNKNOWN(FFFFFC203A2A0351)|UNKNOWN(FFFFFC203A2A1D1A)|UNKNOWN(FFFFFC203A29FFD6)|UNKNOWN(FFFFF8018DDF3103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5927b|C:\Windows\System32\SHELL32.dll+dac2a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241862Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:28.719{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF1d496f.TMPMD5=6D42C7FE9F028C54630C19D034052042,SHA256=0E230D0501443A27FC0083702AB6AC2E616BE1AD9D50290A490693479BF90FB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241861Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:28.704{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\aborted-session-pingMD5=382A17619E727921E471C112A6DBAB92,SHA256=CA29D02A94E0DFB6C1FF2594DFE862F9C3394585BCA3E7C9CB654053807F4A7F,IMPHASH=00000000000000000000000000000000falsetrue 17141700x8000000000000000241860Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:33:28.020{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.29.94070445C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000241859Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:28.020{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E891-615E-B601-00000000FD01}4608C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d94757|C:\Program Files\Mozilla Firefox\xul.dll+7e80d9|C:\Program Files\Mozilla Firefox\xul.dll+7dbef1|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241866Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:29.768{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9EAAE70DEAFC45AF7B95D0B935B771D0,SHA256=14288C075DEC538F62F3650F6084137302453A63E4C95BABBB2DD94D58C572F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214767Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:29.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7FCBD5BC018C9A7AF28D375F0CC54EA5,SHA256=38ECE89B5C55279F3738D43E37D1936EEA6E226449B3449E1FD8CEDBFA365FD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214768Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:30.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E43672025223A2AB8E42E211471411F3,SHA256=8A14950DBDD906754A916457F2BE5AF2DECE26AAA8287B7FDDFE5FA9163A7A63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241867Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:30.787{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50490A2F6F7B494D276E6B3FD97DBE96,SHA256=9BAD4ED199EEEC7770B13AF86AD6E0543BB218E3061AB1CD0DD89EC0CA36875D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214770Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:31.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56A0DDDFAF20FE5B4433BDF83BF97553,SHA256=670D1B93A6702D78F2D12E559CE14058A1663B324CF47DA7F928063E393E7A73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241868Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:31.802{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A9789DD6DA77880F533F79E3B6BCA62,SHA256=D1C3231183C981290FBA12C379FBD9F1D0EA43E66D501CA5B0513D49B6A9E0A5,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214769Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:28.742{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50086-false10.0.1.12-8000- 23542300x8000000000000000214771Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:32.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEEBBF0719DF12315115BD18DB370108,SHA256=9D3E544683404464E3B652C17F4E4121F082D906E54502EC65EC2C63DDF6D310,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241870Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:32.817{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A1561C40DC795E56475F5BD80E685A5,SHA256=22754E0ABB13DE679D6CEBD284404E4F09B533F26B365DD9AB1BAB3CE3CEED68,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241869Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:31.089{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56508-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000214772Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:33.915{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=096611760E0311B64805D5E4E925AA0A,SHA256=408F3A7A31EE704714D75EF6CEB239CE799747A0D95BE46531B50C9A1300D1DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241871Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:33.833{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AEEF37EF620341B4EA29DFF89EDADCC,SHA256=21FC9240CB633D34E4EFF24DAF6E0057D41E423469D89FB1BB091BF267B00E91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214773Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:34.915{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9FAAED4D1669FF75C1DEFC4E90419A94,SHA256=9790232C888A7DFBE0CF8F1092B8D8B51EE6ECC839F659CC6A57337749C339BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241874Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:34.848{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9BE0F64753032EB4045BB46DD7687FB,SHA256=4DA5DE4E0AE51EB1EEECAEE4EA7A4C7061244E1EBD5AC126FBD637F651394AFE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241873Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:34.364{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921424C:\Windows\system32\svchost.exe{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241872Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:34.364{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921424C:\Windows\system32\svchost.exe{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241878Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:35.871{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B020D0578CD17427410CE66F84A717A6,SHA256=A01EB4D967065647C5C965B023FAED97AD61B886F1FC3E4B49C0408C2155CCF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214775Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:35.915{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11321540617F324E52C837D216CE9BE0,SHA256=D387DF31F40FC002D25BBDF3E9BC09A326F29AC5A34BE0074439FD708E5FBCF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214774Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:35.055{49C67628-E19D-615E-1200-00000000FE01}980NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=16BB359F08921BEE4E1DB70AB4E00EF1,SHA256=B6B86748898245E37830FDF7741254110B9508ACE3F6ADB7455B3EB4D457C223,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241877Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:35.803{6EDEAD03-E412-615E-EE00-00000000FD01}49644552C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241876Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:35.787{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241875Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:35.787{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214776Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:36.914{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F074B598B39A7C901434D5CB15C32505,SHA256=FA6BE2ADC9F11E4402C5ABED45364AEDE5E652165EADE6B4D84FBFE17BC0F60D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241879Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:36.888{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EADBD60B447F5407387DC521F81CADE8,SHA256=FA9424A30D0D0B30D873E9514225DB87EB3474A1650B2BF9AF0BE484027EF544,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214781Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:34.789{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50087-false10.0.1.12-8000- 23542300x8000000000000000214780Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:37.930{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6A842C2CA55E38EF36C689621AA2CDE,SHA256=60FAB55050F2D3CEAA6BAAB7DF98ED12C5498536791E3D8361F0FF02A1B83C1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241881Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:37.904{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5FF8003BEAB0A50B31354F019FA51347,SHA256=D3587884C87FBF44B96C1F80F0010383F5A1C71444482EB5DEA5FB5D30FF7B9C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214779Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:37.727{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1300-00000000FE01}780C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214778Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:37.727{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1300-00000000FE01}780C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214777Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:37.727{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1300-00000000FE01}780C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241880Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:37.151{6EDEAD03-E1A0-615E-1000-00000000FD01}372NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=D3C79E55C5399704233081E14BBAC19F,SHA256=CB679530E2B180C5BEA561A37D54C3AAE1BC20058277686ACDABAAE0A797B6A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214782Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:38.930{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52F9BDE66A2019853F68B19DCDE9342C,SHA256=0BA0E07045A08595B8440FE99E15A3CA1D4BDB214707FAD94AABDA125F6FB035,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241882Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:38.919{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5686ABC407F9DD11DDE66D3D216C561C,SHA256=6745AFA7961193B5AC61BBB19441489BF7E0290435D8F4A39965B94B0E96BFAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241884Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:39.935{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94307234597CE11A0D5FE537FD868DD9,SHA256=4A0AFEB237F4448FF9B18B69F9EED548CB4F3A56FB54DCD22CFC2CDC461F7ECE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214784Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:39.946{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D658E91BE977117EEE848F9C7F5A5092,SHA256=DE4FFB992E814435736FC490A42AA13185FD2F5B2CCD48E274A3AFDA05B55A3C,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000214783Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:33:39.352{49C67628-E19D-615E-1500-00000000FE01}1036C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7bb77-0x8e4b6635) 354300x8000000000000000241883Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:37.107{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56509-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000241886Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:40.950{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CAD4C38BAA5B538F03695438C6F4B07,SHA256=0A2F4DCCA6F7D41A836E251BFA9C519090396FFF8EAEFD9C3B7DEF4A5566A74A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214785Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:40.946{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0DFD52D704631A7B17EABA5C5E72A38,SHA256=730695DD5CBECFF446DEE6975B20B83CE31FDAF5D18AC26D150FF6DE6021B054,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241885Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:40.734{6EDEAD03-E1B0-615E-2800-00000000FD01}2904NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241888Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:41.969{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9A6DBFAA6A3242975DBEDCC714854A4,SHA256=49AD024F573BD73726CE0D5D1A77D859B00F1AC8858F9DFCF0169B94523B3AA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241887Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:41.554{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211007120155-030MD5=CF99E2CB113D8D2DCF43ED5FD96B633A,SHA256=1FA348E6AF774F9DE3BF8065B0725E0F0BD5741AF42D4AB3E9893B22D98D3DA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214786Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:42.024{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF26056FCE22B09FD4B7273FB866AC18,SHA256=7357F0DEF8D9F5D6F30A021B7F601577258CA6454952732C06747E91ED5FD44F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241890Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:40.622{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56510-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000241889Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:42.551{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211007120153-031MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214787Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:43.164{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DA9848DE282A1FA9EB2AF4CB35E965C,SHA256=AC137D5AA49E71EDB04ED3A87078D8D9346B6E750D0F990671C3AA2B3AB74B98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241891Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:42.987{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93D0CAFC68DFFE79BCE122BC2653C920,SHA256=A11E938AF4FB069CB0A97E928FAD4E267D8BE8DA599D960EAFB1E3334EA15A0B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214789Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:40.805{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50088-false10.0.1.12-8000- 23542300x8000000000000000214788Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:44.383{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7B89D2402D4CCB9F323D3D4DEAF4162,SHA256=426DADEF543C585D53E7CAD95C9B0EB05F8192E43F151266168E8282BF957A48,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241893Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:42.968{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56511-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000241892Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:44.018{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7753826AA2F320306138604CB14C7CAF,SHA256=1E25F5CC5B90AD05A5464398437CA508A6F7D8E228282D24294B2F2B4661D63A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214791Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:45.961{49C67628-E19D-615E-1D00-00000000FE01}1960NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214790Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:45.446{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5AD3DE4D41ADAC4337DB37EF5A66554,SHA256=0E583B567A63FBA95095C8F53496B5D0430D4D87A55F2333563C7D5910CF3791,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241894Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:45.024{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41DC9CC2E1FDDDC00B2F56570DD4CB5A,SHA256=26DA7C470B7D2C6263BAFBF679E9112251A50CAE452BDDCDCC4FD46073F159C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214792Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:46.477{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E644C9552DFBAD17A42D42458768A93,SHA256=9B78B6A258441E6F25AA60DDE303020730FFB61172C4532ED09D0CAA4890EC67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241895Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:46.053{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3334D002C5810B92EBF39A946B2EB3C,SHA256=9084E878F227386E8B4A6EAC254D057C7C0829AD19205CB4410106D8195B84B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241896Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:47.071{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3DC631AF850937514CE442F220C35F58,SHA256=900D487078F8C159146658E3098CC7976A4D08FB09B559BD0D9089AE2ECF450D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214807Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:44.523{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50089-false10.0.1.12-8089- 23542300x8000000000000000214806Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:47.477{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65AF63B0C8C0A36DDEAB58D035B229DA,SHA256=A12B067204E273DB5A9DA8ECC0443F6584C1F2AD90AA5103F095A56BB5F66BBD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214805Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:47.383{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E92B-615E-7201-00000000FE01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214804Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:47.383{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214803Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:47.383{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214802Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:47.383{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214801Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:47.383{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214800Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:47.383{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214799Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:47.383{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214798Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:47.383{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214797Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:47.383{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214796Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:47.383{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214795Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:47.383{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E92B-615E-7201-00000000FE01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214794Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:47.383{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E92B-615E-7201-00000000FE01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214793Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:47.384{49C67628-E92B-615E-7201-00000000FE01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000214824Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:48.664{49C67628-E92C-615E-7301-00000000FE01}14563280C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214823Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:48.492{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E92C-615E-7301-00000000FE01}1456C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214822Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:48.492{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214821Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:48.492{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214820Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:48.492{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214819Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:48.492{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214818Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:48.492{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214817Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:48.492{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214816Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:48.492{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214815Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:48.492{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214814Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:48.492{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214813Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:48.492{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E92C-615E-7301-00000000FE01}1456C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214812Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:48.492{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E92C-615E-7301-00000000FE01}1456C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214811Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:48.493{49C67628-E92C-615E-7301-00000000FE01}1456C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214810Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:48.477{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D5F2DE08BDC506D46793EAFB94E2718,SHA256=AF7C21DBE725CDFA2A98C1D37EBF2B30B572C0039AF80FEBC8A94C0582D3A705,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241897Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:48.074{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39487D86A9DE9BB211368C66137DF9A1,SHA256=E61C1142615C38905EB217406439BE23EB478FC7C2D42DC371FC821DF144D96D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214809Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:48.383{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A19CCACF97BC749EE0BBA9757708467F,SHA256=FAE28650C6970D04271D939D1BDD62651AC8157BC91F99AB1F94D56C6196909F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214808Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:48.383{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=433A4EB257CF4F64CB58AB19345984FE,SHA256=3877AB83C11FC7B20DB7F67C6043F743D4F844F1CCD8787B83E0E9DEA24B0644,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214839Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:49.727{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A19CCACF97BC749EE0BBA9757708467F,SHA256=FAE28650C6970D04271D939D1BDD62651AC8157BC91F99AB1F94D56C6196909F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214838Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:49.649{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDA1AB27D71433136098A496BD32816E,SHA256=232A553E54B2AA3D1767BC13609C96ADB6457AE8B938546B85F93D5AD69D8BBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241900Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:49.155{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6B0715743D68689F60D5DF7F63D3AF4F,SHA256=29FBD15ACBAF86278F931F64B8B0EC4F72392F2C3DE9F9ACA00FDD23A60794AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241899Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:49.155{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9B76DFA309F99D0D4B49DB48C796F7F3,SHA256=F86E41E23507AB6AF3182A4D2988686BE1CB2DCC5CBE48A6BDD8EF900119C5F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241898Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:49.093{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2CE85CEF47CDBF79D0004DD1D65A762,SHA256=F9FCEEFBE96A1266F441F0234290C4D4447E10F07D58A2CA0A47016D12C069EF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214837Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:49.164{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E92D-615E-7401-00000000FE01}1780C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214836Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:49.164{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214835Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:49.164{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214834Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:49.164{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214833Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:49.164{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214832Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:49.164{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214831Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:49.164{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214830Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:49.164{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214829Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:49.164{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214828Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:49.164{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214827Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:49.164{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E92D-615E-7401-00000000FE01}1780C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214826Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:49.164{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E92D-615E-7401-00000000FE01}1780C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214825Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:49.165{49C67628-E92D-615E-7401-00000000FE01}1780C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000214841Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:46.633{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50090-false10.0.1.12-8000- 23542300x8000000000000000214840Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:50.727{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A3F5DEDA4E0BC80AB5412DF6964B8BD,SHA256=BE7AD081E065ABD46767DC273AB1074F0B2456DCF901CB9B08211CEA5FAE6458,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241929Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:48.111{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56512-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000241928Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241927Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241926Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241925Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241924Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241923Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241922Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241921Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241920Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241919Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241918Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241917Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241916Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241915Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241914Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241913Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241912Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241911Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241910Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241909Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241908Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241907Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241906Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241905Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241904Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241903Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241902Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.708{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241901Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:50.108{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5F8BC8EF7984F634A19A3D2B5B1E038,SHA256=33223969446C39F6E1BD450488CA13B3EA12534A852488465ADF72E39CFE557F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241930Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:51.424{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEB5189872AF3F1C0F1B55EF849DA9EC,SHA256=F72B97363299B035B9DE92E111DB75D7F486A096F74FB7B8EAFBB15AF4AB5FD5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214868Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.805{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E92F-615E-7601-00000000FE01}920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214867Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.805{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214866Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.805{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214865Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.805{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214864Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.805{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214863Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.805{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214862Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.805{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214861Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.805{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214860Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.805{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214859Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.805{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214858Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.805{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E92F-615E-7601-00000000FE01}920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214857Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.805{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E92F-615E-7601-00000000FE01}920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214856Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.806{49C67628-E92F-615E-7601-00000000FE01}920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000214855Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.414{49C67628-E92F-615E-7501-00000000FE01}7161864C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214854Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.133{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E92F-615E-7501-00000000FE01}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214853Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.133{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214852Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.133{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214851Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.133{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214850Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.133{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214849Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.133{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214848Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.133{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214847Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.133{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214846Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.133{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214845Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.133{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214844Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.133{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E92F-615E-7501-00000000FE01}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214843Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.133{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E92F-615E-7501-00000000FE01}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214842Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.134{49C67628-E92F-615E-7501-00000000FE01}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000241931Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:52.454{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B9B22E53A0B9CA7FB80CDD8FDD728EF,SHA256=6FAFFFBC0B537F7E9ED233AF4C0C58DFA92162C5313BB334D17044E2B84319B3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214885Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:52.602{49C67628-E930-615E-7701-00000000FE01}9401656C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214884Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:52.461{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E930-615E-7701-00000000FE01}940C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214883Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:52.461{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214882Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:52.461{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214881Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:52.461{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214880Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:52.461{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214879Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:52.461{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214878Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:52.461{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214877Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:52.461{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214876Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:52.461{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214875Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:52.461{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214874Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:52.461{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E930-615E-7701-00000000FE01}940C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214873Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:52.461{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E930-615E-7701-00000000FE01}940C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214872Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:52.462{49C67628-E930-615E-7701-00000000FE01}940C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214871Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:52.336{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=79E4A78B83204784C0B56ECE76B80DF2,SHA256=383B96D0EE42CD943F63A17399BCD6DE97287378FE4DDE69C248643602D914C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214870Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:52.102{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BFC51283FC86558538ACBA9025EDB6DB,SHA256=09CC05B754F911D1C56225BAB8E3B5B84EDB79A8F84404EBE73D919A2077A844,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214869Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.993{49C67628-E92F-615E-7601-00000000FE01}920908C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241932Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:53.463{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E726A0A8C5BB811B4A5B98D91AF2A75,SHA256=37320837006F019E0FC1A3F99798B348E5092413BB56E946F3C382224107D8DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214900Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:53.492{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=809B8750FEF274CD0F4EC20CA1FB57F4,SHA256=1F3FAD78E18C90C1CF41746752811852D1F04B99DA1B63215F9EFF095D0EC416,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214899Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:53.274{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E931-615E-7801-00000000FE01}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214898Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:53.274{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214897Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:53.274{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214896Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:53.274{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214895Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:53.274{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214894Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:53.274{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214893Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:53.274{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214892Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:53.274{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214891Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:53.274{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214890Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:53.274{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214889Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:53.274{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E931-615E-7801-00000000FE01}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214888Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:53.274{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E931-615E-7801-00000000FE01}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214887Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:53.274{49C67628-E931-615E-7801-00000000FE01}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214886Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:53.008{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C9AFEA70699E5487F6D9C28A97EEA37,SHA256=1EF3930C6B8592A6EE182404FC31A108A6C819EC00FED1856D4A0A8BC6A6BE9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241933Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:54.483{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EFF64F70FFF69BDAC05923A6AD882AC,SHA256=69D6ED4D7C184C710B20D94015E898ACE69A0720ED45CD32381D7FD273D2B4C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214901Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:54.196{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EFBD48D3C818115A82AA2DA10AE46ED,SHA256=F9D78A18524E6D3AB2E58FC48356E78A4A213A0E0913CD046762BD77D0FAA98E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214903Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:55.211{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE6FCD00432FD6860C36C2055E487330,SHA256=FE4B7B7E21854948E6D2455DF23FE6A79E110986EEDBF410DE6E4180FC793423,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241945Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:55.948{6EDEAD03-E412-615E-EE00-00000000FD01}49642252C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241944Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:55.948{6EDEAD03-E412-615E-EE00-00000000FD01}49642252C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241943Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:55.948{6EDEAD03-E412-615E-EE00-00000000FD01}49642252C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241942Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:55.932{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241941Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:55.932{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241940Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:55.932{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241939Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:55.932{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E8FF-615E-C401-00000000FD01}6136C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000241938Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:54.080{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56513-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000241937Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:55.601{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1500-00000000FD01}1232C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241936Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:55.601{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1500-00000000FD01}1232C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241935Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:55.601{6EDEAD03-E1A0-615E-0C00-00000000FD01}836528C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1500-00000000FD01}1232C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000241934Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:55.501{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26C8CCA96FF9866376414F3311FE5D50,SHA256=81132DD35AB27C5418B21D25BECE71DC58CED2923668F4664597DCB87690BBDB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214902Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:51.648{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50091-false10.0.1.12-8000- 23542300x8000000000000000214904Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:56.399{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3A53FC0339F4F85B7C6954963456485,SHA256=8ECB1C035D41519C70B9E9BECD4C9ABE01011244F19557A6D56BB5F72387C959,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241946Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:56.516{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C9027AD0168BE4ACDD8BF54FB6A1939,SHA256=D32AA4CB972CD63DEAE6CB6D580536474138388607B3C1EA5BBDC6626478D5BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214905Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:57.492{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE32F9BCAA8A09E58D1A5B8FC2D67773,SHA256=E58596A0AC11EE4936C49BB60DB16F4E0FC3F3C8961CBC1E766563FF30B3C531,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241947Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:57.531{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D048F43016C6DE1E1BA785F1786EE9BC,SHA256=0F8D37034044356DD078F2436E6C0D4F55FA97B50C52535960586E90BFBA2541,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214906Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:58.524{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C47A6DE3C840EEE028A9B84E1271595D,SHA256=27D62A247399EF840B72B380C8DB99E996ED7CF8C90A337B53FFC9C27EE70010,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241948Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:58.533{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0604B85255D2B888D2F0B680C359B87B,SHA256=306DD288E2F6DE3E906116B40428001EF0C90696DE746E27627EA4562D0A1F20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214907Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:59.555{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC66BE6A77ECB36BA51489387271B219,SHA256=0E2085E01EA3AB16A662628AF6FF88BE42BA208042E0E3064FED7EE88FF95E1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241949Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:33:59.549{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45F6D4CECE288709004722C7BC28A4F7,SHA256=0586128A8761F2AD11CD3D11E3BE4E8B7075EF4B70F86B327E4FCC2B1B8CFDD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214909Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:00.664{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B6C9390F4D8D284EA35B26E0021F3DC,SHA256=C7937A5B38372B61A334194A7B2D802FBAAD39EC8006457838E443F3A3F161A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241950Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:00.549{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=717A38488C5BD6CF45CF990824FBF2CB,SHA256=3622A56E08B12D7CAE3330646A80CCB9B0AF7E0D4A11439E74AE15D6C708FC8E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214908Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:33:56.711{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50092-false10.0.1.12-8000- 23542300x8000000000000000214910Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:01.742{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF81101048510C9C31211F1F755595EF,SHA256=1BA6016138116EC98A4B5988B8E740B4428ECBCEBE3CFB9AC8AD31CBC357073D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241951Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:01.552{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CA09C285865319B8B14CE52DACD5EFB,SHA256=310691F77B8C9AFB2A492E2D83676FB4FABC755B820CD41634634223FF46B6C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214911Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:02.805{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1A74B8A88C3EACFE5733BBC2579CB00,SHA256=DFC9E46F91A7EC65C4D982AABF86C737FF5232088CAEC304B548F792332C6700,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241953Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:02.553{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC80C94702D192634B259CA98A90D0D3,SHA256=6544BDB54E62A0E6D20FD95645BE6A602315DC465A3D86C1CEAAEF9C6700D8AE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241952Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:00.083{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56514-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000214912Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:03.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6AACDC04C1C9BAF3D20839E469CBE010,SHA256=53DEA3E96CD68F0B08545EBE3DD64CCA2A952F716C56FB663DC6530FB3008684,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241961Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:03.807{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=A7D57D57E510EF1C56DF728BF1B6AB5A,SHA256=2FAA49148BA78E32EA003FBF68CF786CBB1CC5B7C57DEE5F6D18AA9C855E0972,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241960Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:03.807{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=9A3D16EF5C01CEFA1D39A41976E97A8C,SHA256=C7C865D7BD994F2382C39018B4D34875B28B2B115696EF919F1D9D79B75218FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241959Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:03.807{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=BAB424013BEFD5379FCE934BA7D928A5,SHA256=C4168E0264FAE13B0E69BF0D251A9D3F272419052C0301531F34AFF905013FC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241958Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:03.807{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=30B07D9D69553B1DAB759D2A95ED969C,SHA256=BEF5B4267201D319BFB1ACE7F62C0C9D95155DBE6CF69C0C10D936C25A8EC399,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241957Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:03.807{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=68D0400B0097C0155896B7036353CF47,SHA256=8864D8A646923230DCA65A4EC1C91140666F6428C839E5B845D3169E7C1564BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241956Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:03.807{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=DE338AB311189E19D5091095A229959D,SHA256=3FBB8533BB73BB20BFC7B397832D1EC4F9CE6C206942AB1AEA4586060207170F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241955Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:03.807{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=8710725C31E23E04DE8B07A984602C80,SHA256=394A254DF40364CF2620398475B3D2196E3347C63952FA9296A8743605F2ACAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241954Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:03.589{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=803F940B6FEED80F4AAF5EA8537AE0A7,SHA256=394563A2AF4C675EDD57EE5D26600DCA8F9328698146F1E50F56CB4EDCF1DEF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214913Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:04.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61E48305821F792ACC07264591207015,SHA256=F93C9FB034B567573442B1518D7DB1A7E3BD37D762155D80417122A593CB82AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241962Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:04.622{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=582120B0C614F77B104A75B1656848D0,SHA256=48D4BA1D4A912071197291E2BB48E7E8250B70E17AE7F40FA775E07B21C57F09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214915Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:05.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B40AE09A6E137C4F6C219CED461E4DEB,SHA256=FB19269A9C983072D920DE93D9B741E7EB6B1111A7AD8FF54DA7D6691D92B39D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241963Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:05.637{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FDDE305F3A10EA5509F9D43564EA6D66,SHA256=5994DACF16322E510F45036812265F0E3E3A61103EC539945A55B90CF041D247,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214914Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:02.664{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50093-false10.0.1.12-8000- 23542300x8000000000000000214916Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:06.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E16C90996FF7526F0FE5681800F5457C,SHA256=8C65AFB171809481117DD1F5AFEB8B6990092849446C97E0279F71B9B664E543,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241981Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.985{6EDEAD03-E93E-615E-CF01-00000000FD01}47285556C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241980Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.752{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E93E-615E-CF01-00000000FD01}4728C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241979Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.752{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241978Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.752{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241977Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.752{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241976Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.752{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241975Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.752{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E93E-615E-CF01-00000000FD01}4728C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241974Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.752{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E93E-615E-CF01-00000000FD01}4728C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241973Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.754{6EDEAD03-E93E-615E-CF01-00000000FD01}4728C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000241972Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.653{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B366857E7ACD2E2AB61624A4FC8F1AE,SHA256=BA7190AFDDD963C0E98C71BB9D71B3890BC2EB1087936B9C9880D45C192E65A1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241971Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.137{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E93E-615E-CE01-00000000FD01}2864C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241970Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.137{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241969Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.137{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241968Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.137{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241967Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.137{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241966Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.137{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E93E-615E-CE01-00000000FD01}2864C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241965Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.137{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E93E-615E-CE01-00000000FD01}2864C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241964Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.138{6EDEAD03-E93E-615E-CE01-00000000FD01}2864C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214917Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:07.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68D58EC7623B18CDD4FB8C74464EFF3B,SHA256=1BD9F38558AD4A675185DF45E45CAD977D4B7C3F8A43ED71F501428832AEA30A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241992Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:07.668{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB57ACBCA5288E2EA2CB125707818CC6,SHA256=DA5DB08E659BFFDFAC0DF1B7E0E1D29C3171D3C611C0607ABE44C0083007985E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000241991Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:07.352{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E93F-615E-D001-00000000FD01}2516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241990Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:07.352{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241989Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:07.352{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241988Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:07.352{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241987Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:07.352{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000241986Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:07.352{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E93F-615E-D001-00000000FD01}2516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000241985Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:07.352{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E93F-615E-D001-00000000FD01}2516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241984Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:07.353{6EDEAD03-E93F-615E-D001-00000000FD01}2516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000241983Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:07.137{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0C8197027148587B8115900618FE23A7,SHA256=FD0DDE8997D26CD8DC1D93373E7DD409989D76FF9A5648BD925746AFE10A5FD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241982Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:07.137{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6B0715743D68689F60D5DF7F63D3AF4F,SHA256=29FBD15ACBAF86278F931F64B8B0EC4F72392F2C3DE9F9ACA00FDD23A60794AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241995Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:08.689{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD6048045781E44231E5532363D7360E,SHA256=20F8548F24FCF2C926E7711A46188C7B5CEFBB93608E4702BD7BC8008856D656,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214918Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:08.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2A95511FC2484F365937D361D27DE07,SHA256=192896D154F86479E96B89E43BF4860B9F4266532C2D8D97CEC92C58EBA2BC28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000241994Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:08.389{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0C8197027148587B8115900618FE23A7,SHA256=FD0DDE8997D26CD8DC1D93373E7DD409989D76FF9A5648BD925746AFE10A5FD2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241993Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:05.986{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56515-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000242006Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:09.805{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E941-615E-D101-00000000FD01}6592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242005Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:09.805{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242004Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:09.805{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242003Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:09.805{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242002Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:09.805{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242001Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:09.805{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E941-615E-D101-00000000FD01}6592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000242000Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:09.805{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E941-615E-D101-00000000FD01}6592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000241999Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:09.806{6EDEAD03-E941-615E-D101-00000000FD01}6592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000241998Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:09.705{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1C34D27AC06E8297E374649EE2B40BF,SHA256=DEF75F7EDD7B272D2DD09960EFB8B560551EA16700B7EFF1FF43815627C6C894,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214919Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:09.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A2815EDFEED6AFCA8155DFDFB561C8E,SHA256=3E5EA7E6FD418E863334465CAF5F58AB6036C29663DAA6BAA18093479FFF61DC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000241997Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.670{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56516-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000241996Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:06.670{6EDEAD03-E1B1-615E-2B00-00000000FD01}2968C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56516-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x8000000000000000214921Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:10.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=87077F88BBF271CDD8FDCA16EB2374FA,SHA256=A513F6C8D9033AC88E8239413732B1EE1486CEC2B31D701BB1CE5DEC9B48E791,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000242017Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:10.875{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E942-615E-D201-00000000FD01}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242016Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:10.875{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242015Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:10.875{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242014Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:10.875{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242013Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:10.875{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242012Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:10.875{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E942-615E-D201-00000000FD01}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000242011Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:10.875{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E942-615E-D201-00000000FD01}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000242010Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:10.876{6EDEAD03-E942-615E-D201-00000000FD01}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000242009Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:10.828{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=88D952E883BE9BE7990368A6EC9589D6,SHA256=0147B9963BE929D6294D928C5AFECB9180F94B6F43D272FE443C0648AE56A6D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242008Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:10.712{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E4B6690D1241CB8D4E72809C56170DF,SHA256=8B4105326C1B3AE5AF19B38F8BA209C310B97EC5C32377CCD2CAEA746A0A74DC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000242007Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:10.097{6EDEAD03-E941-615E-D101-00000000FD01}65923720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000214920Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:07.758{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50094-false10.0.1.12-8000- 23542300x8000000000000000214922Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:11.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78C20537029BD9069B88210A6A5E7DC2,SHA256=FC018050F911678F73CB08FB57FCB23DCFF1CF9E4C765FBA465F14C5FC9F2827,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242029Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:11.885{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3447CAC1AA12AA1BE7BDF59ADB03D803,SHA256=F4E5E2F244296E42DE61020B22313F8F7C7D608B39FC5148A6A74B89D3786D65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242028Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:11.738{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51FA7EFDE9DCA07A3407FCEFC84530D6,SHA256=61A0A6B0BA896A35787C75E2949D15BB57AC9DB713B980786707D3F2BD318C61,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000242027Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:11.701{6EDEAD03-E943-615E-D301-00000000FD01}2244272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242026Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:11.453{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E943-615E-D301-00000000FD01}224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242025Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:11.453{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242024Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:11.453{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242023Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:11.453{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242022Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:11.453{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242021Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:11.453{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E943-615E-D301-00000000FD01}224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000242020Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:11.453{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E943-615E-D301-00000000FD01}224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000242019Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:11.454{6EDEAD03-E943-615E-D301-00000000FD01}224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000242018Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:11.219{6EDEAD03-E942-615E-D201-00000000FD01}4188348C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214923Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:12.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=265942110A63EC2761885BDB204FE508,SHA256=D44F443C1D9151A319E033CDE9A927E9106D94CE97E3372B6EEA0DFF129BF26E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242038Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:12.741{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C3AEB4191DACCE464C18D62B2015D8E,SHA256=05C6DA4388A025148D5C8E6EFE32AE407632E247769D84E7405063423FC8FBAF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000242037Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:12.520{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E944-615E-D401-00000000FD01}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242036Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:12.518{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242035Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:12.518{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242034Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:12.517{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242033Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:12.517{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242032Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:12.517{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E944-615E-D401-00000000FD01}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000242031Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:12.517{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E944-615E-D401-00000000FD01}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000242030Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:12.517{6EDEAD03-E944-615E-D401-00000000FD01}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214924Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:13.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66B343FEFB34C1548E3FFEC5C6ED5DB3,SHA256=593C47FBE2871AE82CC2DC704B250C3290F9169476DB1D3F982EBBE832B42DF4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000242043Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:13.956{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e03230|C:\Program Files\Mozilla Firefox\xul.dll+2e1cdda|C:\Program Files\Mozilla Firefox\xul.dll+2dfc569|C:\Program Files\Mozilla Firefox\xul.dll+2dfc285|C:\Program Files\Mozilla Firefox\xul.dll+2dfff2b|C:\Program Files\Mozilla Firefox\xul.dll+2e17fad|C:\Program Files\Mozilla Firefox\xul.dll+2e24278|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80 10341000x8000000000000000242042Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:13.940{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E890-615E-B501-00000000FD01}7152C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e03230|C:\Program Files\Mozilla Firefox\xul.dll+2e1cdda|C:\Program Files\Mozilla Firefox\xul.dll+2dfc569|C:\Program Files\Mozilla Firefox\xul.dll+2dfc285|C:\Program Files\Mozilla Firefox\xul.dll+2dfff2b|C:\Program Files\Mozilla Firefox\xul.dll+2e17fad|C:\Program Files\Mozilla Firefox\xul.dll+2e24278|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80 23542300x8000000000000000242041Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:13.756{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F070804815C4CC9937F3AD33B87698F4,SHA256=9DB55D198C960D1A4CB529E98091D8BA37CD5A8690639A50D96BE7DF2038DC62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242040Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:13.541{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AF7DB64D7451FDD6E68AF7CCC577E797,SHA256=695634878896C1C3333BCEDDB0CA8747DD16BC771AB13A6289653A10ECF2FB9F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000242039Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:11.020{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56517-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000214925Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:14.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DECA7F68847224F38A3145AA61470312,SHA256=B6085357AE3E903C1FB2015DD619AC1FADD839AA45BD48C1689C325213E0B9C7,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000242054Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:34:14.841{6EDEAD03-E946-615E-D501-00000000FD01}5088C:\Windows\system32\reg.exeHKLM\SOFTWARE\Microsoft\.NETFramework\ETWEnabledDWORD (0x00000000) 10341000x8000000000000000242053Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:14.825{6EDEAD03-E8FF-615E-C401-00000000FD01}61361536C:\Windows\system32\conhost.exe{6EDEAD03-E946-615E-D501-00000000FD01}5088C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242052Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:14.825{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242051Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:14.825{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242050Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:14.825{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242049Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:14.825{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242048Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:14.825{6EDEAD03-E40D-615E-DD00-00000000FD01}27725988C:\Windows\system32\csrss.exe{6EDEAD03-E946-615E-D501-00000000FD01}5088C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000242047Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:14.825{6EDEAD03-E8FF-615E-C301-00000000FD01}69244464C:\Windows\system32\cmd.exe{6EDEAD03-E946-615E-D501-00000000FD01}5088C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+1ace3|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000242046Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:14.831{6EDEAD03-E946-615E-D501-00000000FD01}5088C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeREG ADD HKLM\Software\Microsoft\.NETFramework /v ETWEnabled /t REG_DWORD /d 0C:\Program Files\ansible\sysmon\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{6EDEAD03-E8FF-615E-C301-00000000FD01}6924C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Program Files\ansible\sysmon" 23542300x8000000000000000242045Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:14.771{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EED1604707FEB8F11C4EEC99B3A6BAC,SHA256=62AF97E4B4D2CCD7AFA3732C22BB68FB1484296D8189BE9F3BAB8C2BAD19A544,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242044Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:13.987{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214926Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:15.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB6A35E8EE671F667DE666320AD217F2,SHA256=B8969F114496B4B79872D62388052DE9F55E2FE7ED0D5D67FD6C7A4E352907AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242056Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:15.841{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CD5104EBCB08CD055A708BABE9C0F6BF,SHA256=109DE3068CD149E7F2A6AF44880231106D7B39A3EAC7CEF439E4D5A88607E32D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242055Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:15.772{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F064B675D7CFA98093AE0E4E7819FBB5,SHA256=B022B54699ED6F21F0BD4ACF05E408C28FEB5C5DE274BDECCF57001B6BF93DC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242057Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:16.787{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09B1EF05394AE3465820B938DE2910FF,SHA256=09F4822CAC872F01D404FBBA885A48182F4F0B305855B9B05EA19838522792CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214927Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:16.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=318FE2B6E5110C6298D527D73B8D5CD4,SHA256=39E2BCCE0F909865165FBFDE04925C94066BC0DDA91B4E51ECCDE37A44DB6CF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214929Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:17.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1BEF091A80C7553998C22488F5D76D57,SHA256=D0190E6A5D926E2291A8DF3EB59DBA086757F7481D334F7549D2C8CD13E0F771,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242058Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:17.787{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AE8E9D9F84994E07125C213FB990ECC,SHA256=94F3F36FB701F1EE528DC0628157DD0D3BE8A877EA1931CF998F40449DD5538A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214928Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:13.774{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50095-false10.0.1.12-8000- 23542300x8000000000000000214930Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:18.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D3B4482CB678AD5A6FBEE73B64FF1F3,SHA256=60441A6A5AFD19975E724C61D24B2A66C9FE2319EC4B92473A29E5985407C7F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242060Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:18.802{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C6EED035723F4265B5BA42095D91912,SHA256=B8FB99E6D40E059401F0D1D71902D4A6BCB155D4A655E90179F74AA5391D660F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000242059Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:16.043{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56518-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000242061Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:19.821{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FFCC93BADE4E00452694ED79F46DF401,SHA256=33E2D98335A6ABE5A82B72D278BA6B47A3D0AC71761B6F474B37ED6E034C6AA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214931Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:19.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4CF0AD42E724F2FBBDC6CB3358C45364,SHA256=E764A67CDF49EED1D6A7883E1FE3D9EDC74895C459DB24DBDDE169089BB54A72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242062Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:20.824{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79069C0535B3D2FABEE4EEC0741CF2EE,SHA256=3047300FA4B9B721389C6FEE2BB66D4680BB4C95DCFF03DF95431484B7A12CFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214932Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:20.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0BF6B04E71CA733BB8DF5CE9E66ED6A7,SHA256=8EB7C6D1B99E8F4C580A68EC5099DFD772BA39C6FF98FE9103F259C027F785E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242070Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:21.839{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBD548410957007A602036DB802AADAC,SHA256=6E13C959950E5F4B3D3D0E39D83C5FE3275A9BC9E617520A0E51A2845A45091F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214933Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:21.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55F069EDBF48D0206F5AFC1E58D89044,SHA256=A15897FF51FBEC495E3950D1F48E6E17CB41F90A65EC73BCFC02B6422A679090,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242069Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:21.470{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=747B1F0BA50118BB4AC7B057F4B6DB9A,SHA256=12FB2CD5CF792A5FC62559AD0613B7A713A9D1427554123806578F54E587D993,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242068Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:21.470{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=C9C61183C00F98CD179880F73A574E32,SHA256=C810E9F6D915A050F8BF77732020C50ED054489CCCA385BC7A5840F784CA0547,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242067Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:21.470{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=462168AC6A967798DF5153168FCCDFA0,SHA256=EC55052A3C5A8DDE90A540C574020934FA16E64736CCC2E94A0468F12A3D8143,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242066Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:21.470{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=DD8C288876D22966C5899D3AD21B1DB2,SHA256=2E4AB304F73B70E993AF44EC8004105A5533DD73F3A7C61C324F5BBBC6049A20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242065Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:21.470{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=00CC84755EFD228707EC73C172ADE378,SHA256=F563BC7260AA477CDA61A4444D7D82E847831B9BD1B5CB8FCC920553DA4EBDFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242064Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:21.470{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=B8B07A825E4FFE47293CBEF55ED6733D,SHA256=413799FFE7926658301659708C7641581976F3B4C7249DA17D91939263D4D6F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242063Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:21.470{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=F59045AA4308CD35E78109EBC6BF9C9E,SHA256=13ADC6218782495F3DBC08237A86825FC42363A14F39E02B95B57F1BA918DC0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214935Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:22.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2E24E889C603D8605D00FBA2A9E933D,SHA256=1A26E1F7282F0F77D9DFDC74B8C2B61AF5C93522D5EFCF5C7F1520FBFD0994D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242071Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:22.854{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C91480173A0CEC7A7AC4CEFD9A292FC3,SHA256=D8C1AC64CCCD635BC12FF2C713D1419266DCD59830CFF0B7C3FBC0769417663F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214934Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:18.821{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50096-false10.0.1.12-8000- 23542300x8000000000000000242073Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:23.869{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5ECB78C4E09AC04FCCFDED0002567CAB,SHA256=8F5BF8AE06A45226123A3F41F5853CE878CD0C3509A7264F09B9545EEC6AC851,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214936Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:23.883{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13E1D6404210F8478B3FA6B4D26C6118,SHA256=10EC72DE7BBCD1673FDE896CFB1C6A064672E38C32B93A4A58169494D9F10A32,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000242072Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:22.071{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56519-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000242074Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:24.900{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE50B50AC286E57049E742EE9BC43306,SHA256=B6ADFF8B63320DB2B58431318680301DA3AE7C21735AAF4EBA6002880FAACF41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214938Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:24.886{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9972435B9F3175B728EB822B33F0E4DA,SHA256=86044DC49CCD6E2939C00F1725A8B259425CF4949545AF0AE9B339DDF2C97E04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214937Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:24.841{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211007120136-031MD5=9D4F391515175B78F973C8B5B774DE70,SHA256=E6B13D39A78F2A37A848863A5E3913D5FD4B55347F92E521523460DA93139266,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242075Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:25.900{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B42E8A40C5F4E3EC8F1B090874488264,SHA256=03D8997FB47C4E44A6CA91B8567603C01488726143EF0A63965DDFDF40F97A00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214940Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:25.892{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ABB3804AA93DD088C575C3E3777D2101,SHA256=91E2B7CD72B99E5A5EDD41492DEC7F8A2BD507250005FDDD5FCCE8FF315E3BFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214939Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:25.848{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211007120134-032MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242077Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:26.901{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41E09505739F1E1207F00E8CD827A4CB,SHA256=98B178BC4301C0AE90B8FA992919D5EFC193F8CC9AD9758141CCF04C48E3362D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214941Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:26.894{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A16782DA73C813DC742DE64EB2D308AE,SHA256=A781836780CA736CA06D8B51EE66AF76586BBC04E7E2D8DE91A67018100F498E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242076Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:26.039{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242078Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:27.938{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29DE7C323E165D50841C23638888C3BF,SHA256=F108042E54D46271DADA2189C1CC25B58A67782BEDD491E1AF9BCB42C37171D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214943Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:27.894{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBB4DACD73AFDA45B415B0EBD6CA8E42,SHA256=9BE69240F05A7724509024E0B6DD7DA2D5988947343CF484A725933B2650A93C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214942Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:24.611{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50097-false10.0.1.12-8000- 23542300x8000000000000000242079Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:28.938{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3D4901D5F5EBFC650A67784E676AE3E,SHA256=B99DD57140F26E34482D543C8187501DAF4446AB2124F971DF55FDA934D301CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214944Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:28.894{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A60408387C69C08FD54BBFA9D1012DC,SHA256=5D19483CDC9E577D920326254FBCB7E0F046EF5F59F2B5095809D80F35C0919C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214945Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:29.894{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8DB66FA003475818B9F92683BA2D1E1,SHA256=B38C443E27A11E3F3DD946E141B22C9F4A6D315DBA21FB158E64C426A9CFA771,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000242080Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:27.986{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56520-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000214946Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:30.894{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4AB9C9EAC1ADB71146B657CEABB13C9F,SHA256=F8A83514C9A95DA909878BC8C91F871AA478434C2679A3B07BA624A8F4C65B47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242081Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:30.002{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04C7997A84CFCD2D81A4E9E483840064,SHA256=0F6DDDCAF877EDD16C1CD373FE117BEBBAAB0AF9B1B69FEA05C06B54BBE350B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214947Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:31.894{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=921B03EF93CE0F1503C915F6E8BC93B1,SHA256=F3E2A91498D9B0ABDDC3836955D38837010FB24B0DE14D2A403181157CFF8AB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242082Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:31.019{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=689B39B49D27C1ABFDFE5B5C15E5916E,SHA256=A731B7D7FF7BF83DD23BE6C7B830B3BA7F1F09D8F7EB6B41F2AD195EF0CC8B72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214949Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:32.894{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB11E9386FE139B717914470096780D5,SHA256=0D97509EB43FCD8CE7BC2705C305F654CA788A3376A6F7B3B87C3B56CA701999,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242083Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:32.039{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E7E79782E91D1A939BA8755B7FED3C0,SHA256=BA9CE08BC3A3AE2B1903872536DD7FDB5087B3A46BDE3F37EB09F0C00FCE3B7B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214948Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:29.660{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50098-false10.0.1.12-8000- 23542300x8000000000000000214950Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:33.894{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38A5F2498CA2405310437E6B797A7B3E,SHA256=218F8B7AFC1A5049A5464E4770B41CD4F88E6B684D0F5EE45C43F70307D3F5AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242084Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:33.039{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F67BB7BBC3ED2907C01A6FCE109E223D,SHA256=49083D84849AC9EED741A7DC951DF4547FC4696289CE049AD867DE1E5AB8D760,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214951Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:34.894{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B12C0C0D5FFD80251F9B6D2661EE95E3,SHA256=6573FF4E999176348B66257AEF303AE77EF5356C9B67217284D60428E0CC9E44,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000242086Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:33.140{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56521-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000242085Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:34.054{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AAB6B437076F5B4B501A00DD906B24FB,SHA256=BC4EFC592BE67C8AFCB9DD6C8E9911324BAAE51A122653815A2FD3E7D1A81B5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214953Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:35.894{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A9331799BBEEA40D59EC39DA728A09D,SHA256=ADF223899CCDBA8355AD853098F4939F2976345D58049C0FF40D7F0DD227EBCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242087Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:35.071{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90E6E7FA7898D0FCE28D772C93901A6A,SHA256=486346EE0A362E25501754F7E1535135E9F5A60EF15C36D5DDCEB4DCAB97BA94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214952Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:35.066{49C67628-E19D-615E-1200-00000000FE01}980NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=77A6C181EA092A4ABE8979AB06D547E8,SHA256=534D782DBBFAB26236B3F1706C73DE984B7B563D5D5DC85A7ED1C373A3C81E14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214954Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:36.894{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37DBBB1F2310DF3F373993DE85FE896A,SHA256=C319DD53B7F3A6C4C4DAE8CF4CD184D375566F87793D40CFBAA7D69636134506,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242088Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:36.102{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EC0AB40F1585BB6AA15721EFC0C1450,SHA256=27546752D1FEC516242DAA79BD7E9330DA1D7808BD05FB12286D457F5E25E2F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214955Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:37.894{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D81FC3058D5EBD427C3BB1787B8C06E9,SHA256=4ACFCE5021CA5CE2BD8EE362A2F5891516A9D8E86364D6F2ECCAB0ADF2D8F7AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242090Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:37.157{6EDEAD03-E1A0-615E-1000-00000000FD01}372NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=32E928649C01675106D3D890CC5E8D93,SHA256=B31D0DE372513AB08FE00F3B5F2360D19979CD090CE8DEBDCC144E93DF0FD2CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242089Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:37.104{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=803274D1965593EA410B73D5EED8F62B,SHA256=E1C99C1B9EF3AA9EA663C0D44235D1E056339E475BE1AF6A42A6B359FA861BC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214956Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:38.894{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55FFA3A7DF0A9101B3052010FB497174,SHA256=D183EB37D68667FBA122A2C9256B47B1C2D126CE0FA500C1DE0351F1A2674A4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242091Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:38.104{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9396EB8A28B24D135B11144AD27FBDF,SHA256=AFE7431D4129E8DA61F459660D5390B694E5110A5F405E77AD20962CFB8EF991,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214958Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:39.894{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B16C673AD7F948A7F61B5669E48D2E3,SHA256=CF52302B734C2174FB71666B1FF0ECF1470FEE55C0637408F358996E2B864346,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242092Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:39.124{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC417E847D371051F12FBD97CA0DAE3F,SHA256=CD078C675C12194125C391686CE3540D2A7B1AEB64D7B0F1492CE52940EB7A8A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214957Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:35.629{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50099-false10.0.1.12-8000- 23542300x8000000000000000214959Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:40.894{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5DBAD051309AA5606AE7B83B01A4D7A8,SHA256=5D9D5E2726F5144C766AC766FB377FEF0E04CC13CE39A8EDC6EB2745B336B0B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242095Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:40.756{6EDEAD03-E1B0-615E-2800-00000000FD01}2904NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000242094Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:39.005{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56522-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000242093Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:40.141{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C400BE56A5D39D991A18ECD34872BAC,SHA256=D45F50D48E5EEF9BE01D9AE2246FC232A87020A448FD925D141A8CC4CFA2E727,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214960Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:41.910{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2ED8B2E3556A73A21AD98C7A6FD5BD1,SHA256=50505C051C5068640F56526F8D1F7A14DCB77784FC2DAADBB68BB90943AB43D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242096Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:41.141{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE8825C2F8EAE87DE182C0109FC94FB0,SHA256=4BF7A9639016686E2EF691779700288D36A3AF2CC6ED0A9093298ECCB6D07251,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214961Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:42.910{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A3011134FF302C3A005F5E0C6C4614B,SHA256=941F2F9BEB83142663D8B391AEFDBC33EC51053B51FFCB69A5C5FBC80E046636,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000242098Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:40.642{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56523-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000242097Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:42.156{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63FDF53484D6098DCEB27E014AD957C4,SHA256=ABFE23365E512CA5E35AC428EA8C0FF0D1C8F023375BFDCC37F001F407754E1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214962Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:43.910{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3215324447FB0876434B901A9DF28692,SHA256=C9B89EB1BFC5CE730AACEF23B0699A13C8E981DE26AF22596CC0C37CDE728BF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242100Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:43.205{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B5CF7C8C8ABC7B64A5B4ADC6BA6756F,SHA256=8DFF2436FE3D135AE203D9EC5279CB8223642971C3DD749575C23F90BE6659AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242099Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:43.077{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211007120155-031MD5=CF99E2CB113D8D2DCF43ED5FD96B633A,SHA256=1FA348E6AF774F9DE3BF8065B0725E0F0BD5741AF42D4AB3E9893B22D98D3DA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214964Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:44.910{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75B148D31C06345C542DE305B197D0F3,SHA256=195C63BA850BB9AF79E7704FD830F93B138BA64CA9EB533994D0D6F76E565221,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242102Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:44.224{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D1170C897CB76E3E6143896757B749A,SHA256=DFDA6867061464408D7D48E7574C5C0DD23E47CF395173523CE14FA7E952B865,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214963Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:40.817{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50100-false10.0.1.12-8000- 23542300x8000000000000000242101Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:44.090{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211007120153-032MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214966Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:45.988{49C67628-E19D-615E-1D00-00000000FE01}1960NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214965Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:45.910{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CBDDBEA604EB45872D6B68C2E0B542C,SHA256=75466BC9F1F42AE67AFAB1C30A4FF7CDF543786FDCCCC299939C47C996588731,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242103Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:45.231{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D2680CAC9C20596E190D3EF1D2E9046,SHA256=D3567DC093AFB24B287C351199CAFE97617ED06EF30B6E179341CFC928B5ADA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214967Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:46.910{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9677AC73513D563DF6A2576B207A827,SHA256=7D83A6FA81DED757117842534BCCF03E28B905A3425337E88F9384CE453C321E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000242105Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:44.106{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56524-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000242104Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:46.251{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CDC90B1236B299F9F52D9B4D6884D5E,SHA256=0A00C04B3E23A83B0989018A3B73EB81C7FC7A29E5165F17819D95F9145DD7F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214982Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:47.910{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7396535A8717802221D26989D348921B,SHA256=3A52D5518E547AE4D3C215C29A5D6548303A3FE10CFF9FD53E5CBDFC869D7EDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242106Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:47.282{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=526B5CA22ECC5070123243D3F622D4CD,SHA256=DC7E4C9F02D64276689EBEB2558132BD08742BC29A9B0E0B7477EF6A8C096B38,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214981Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:44.552{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50101-false10.0.1.12-8089- 10341000x8000000000000000214980Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:47.378{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E967-615E-7901-00000000FE01}1468C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214979Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:47.378{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214978Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:47.378{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214977Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:47.378{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214976Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:47.378{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214975Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:47.378{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214974Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:47.378{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214973Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:47.378{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214972Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:47.378{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214971Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:47.378{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214970Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:47.378{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E967-615E-7901-00000000FE01}1468C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214969Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:47.378{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E967-615E-7901-00000000FE01}1468C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214968Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:47.379{49C67628-E967-615E-7901-00000000FE01}1468C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000215012Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.925{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E968-615E-7B01-00000000FE01}1480C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215011Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.925{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215010Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.925{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215009Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.925{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215008Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.925{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215007Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.925{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215006Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.925{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215005Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.925{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215004Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.925{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215003Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.925{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215002Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.925{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E968-615E-7B01-00000000FE01}1480C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000215001Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.925{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E968-615E-7B01-00000000FE01}1480C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000215000Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.926{49C67628-E968-615E-7B01-00000000FE01}1480C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214999Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.910{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=221601D5B0FE1E4BBAE69A1521642A02,SHA256=8D252532BCF8A460FF8D42700DF565A83EB37477A6917FD9F7E8DCDD7731C14B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242107Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:48.298{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=59A3CA3D7FFB9E865449B14EF96A8C37,SHA256=D6D15F905E34ED9381C1E0B3A1446CB9CC2E6E2B055E3788415EC926F6E5EEFE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214998Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.645{49C67628-E968-615E-7A01-00000000FE01}29882832C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214997Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.425{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E968-615E-7A01-00000000FE01}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214996Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.425{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214995Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.425{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214994Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.425{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214993Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.425{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214992Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.425{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214991Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.425{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214990Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.425{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214989Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.425{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214988Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.425{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214987Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.425{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E968-615E-7A01-00000000FE01}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214986Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.425{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E968-615E-7A01-00000000FE01}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214985Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.426{49C67628-E968-615E-7A01-00000000FE01}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214984Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.410{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EE7A8E4F6126CB79DC061DE953E48A02,SHA256=36F2A70D1AAE451ACC77E254C67EE5E2C6E7BD6FD1B7B45C5C04619E83D8BA10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214983Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:48.410{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=69DD87F5A507C01A8BCD26E9EFBB2140,SHA256=65EE59EDFFECF058097F23C32930D53C5055148D40CE8F7642B12CC76E3ECAED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000215014Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:49.910{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15A7D2EBB2510F70E6D3053322A62F34,SHA256=2A3357F5D4D31746B2FE4ED0A3880DF7F51DB88F7725CA5BD10E54A33249B247,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242115Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:49.381{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=F58F90BFEBB1CC22AAC42290B9D0F5B0,SHA256=D394D31CC1C2452512BE2F47D9CD4F30946EF0B3F10BD9DFEB7C9D25AB95D9F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242114Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:49.381{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=38DD6EA51D1F7257C9ECC898DA2979A8,SHA256=93C4E2780A812C7F6B983F00CB6DE076DCC9D6B64110DC9B513512195DBC9441,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242113Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:49.381{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=3A476E47732C910E3F78B0EF0807CF99,SHA256=C891526D6E13661A0D23CFAE318F8F34D0C5427D9C757EF9303EB775E1371EE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242112Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:49.381{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=2E76110FA7BED6C4CD718F38993BF79B,SHA256=DFE477A49D4BDA92E751AC5CD5D74BF840F19798261607E02325558E140EAB43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242111Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:49.381{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=FC40306D2ACF63BFCF73F32346899C27,SHA256=36ED8C2CD064DB5B6A4006854F5329ADDCCBF50BE31789D24924783819495ABF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242110Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:49.381{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=A942BE1E2BC71A24F4DE8A13A5DA0E1B,SHA256=BFFF592345D583435ADC980683279018C33A760FBA934DAB6D5EB06DB9F530E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242109Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:49.381{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=E84FE564275DC9D5C4FC3222387BA701,SHA256=C66574A4475B5A5D28EB797202343CB6E1753522A818E73D754EFE1A6606D61A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242108Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:49.330{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=418C980259D00395466687BB43B2363F,SHA256=DCD1D4ECF572FED61758464C753BE8684D41EA7E7546CC7C86ADC5A3E44FDC7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000215013Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:49.535{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EE7A8E4F6126CB79DC061DE953E48A02,SHA256=36F2A70D1AAE451ACC77E254C67EE5E2C6E7BD6FD1B7B45C5C04619E83D8BA10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000215016Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:50.910{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C9E1EE39293F949A5B8AF5D4A4B99E0,SHA256=04BA057A83A42F2EE788255ABD80F28F19C284489B2CE5FA3D7510047C90C352,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242118Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:50.349{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E05EC1B0105110BE9A5CAB48402896E8,SHA256=69E3C058E63B81A6C15AA7B8E93B7BC65EDF6584C44558AB0B16B6A0E6FECE54,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000215015Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:46.692{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50102-false10.0.1.12-8000- 23542300x8000000000000000242117Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:49.997{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2A0ED68B14D32A4D041F0B1656FF2B16,SHA256=7F4C216ABF3A1115582CF64280660843E5D8A58F8B7384F514C19F629B2F0250,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242116Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:49.997{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=564DE44A5C1EA167F227AB60281F1960,SHA256=D3D4FD64C162F01A35DE76CCF807EA261D4450AD26FCD9796661CE3BFCA714CA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000242120Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:50.032{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56525-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000242119Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:51.380{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1E72098929C3DD3C6B5C6269342F7CB,SHA256=23A14AABE728487DB6F09AA7C0B6866DCBA07FFEF2063FF83BD40C84FF61B9DD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000215044Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.800{49C67628-E96B-615E-7D01-00000000FE01}1324948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215043Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.628{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E96B-615E-7D01-00000000FE01}1324C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215042Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.628{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215041Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.628{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215040Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.628{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215039Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.628{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215038Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.628{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215037Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.628{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215036Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.628{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215035Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.628{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215034Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.628{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215033Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.628{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E96B-615E-7D01-00000000FE01}1324C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000215032Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.628{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E96B-615E-7D01-00000000FE01}1324C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000215031Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.629{49C67628-E96B-615E-7D01-00000000FE01}1324C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000215030Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.363{49C67628-E96B-615E-7C01-00000000FE01}18282612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215029Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.128{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E96B-615E-7C01-00000000FE01}1828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215028Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.128{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215027Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.128{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215026Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.128{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215025Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.128{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215024Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.128{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215023Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.128{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215022Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.128{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215021Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.128{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215020Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.128{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215019Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.128{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E96B-615E-7C01-00000000FE01}1828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000215018Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.128{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E96B-615E-7C01-00000000FE01}1828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000215017Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.129{49C67628-E96B-615E-7C01-00000000FE01}1828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000242121Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:52.411{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF1E06BEFA6C4BEE5A88B2B4182A7267,SHA256=2A8940A10DA8403A84BF31F6820587C194B22BE158BA9C2668627A626C93AD20,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000215060Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:52.457{49C67628-E96C-615E-7E01-00000000FE01}33162376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000215059Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:52.316{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5A8D8B80E7AE4500A545231E37C1B429,SHA256=A000A4BA16B272BF6458237354FD5A60440E0D6A8DB852059AAAA9A452B31475,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000215058Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:52.316{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D83F326C48D85E1ABDC24AE87A6C4170,SHA256=6EC04F1E0D433EC5B7E23C34190831331F94E12B08CAA1A91CB09A5B65FC8814,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000215057Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:52.300{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E96C-615E-7E01-00000000FE01}3316C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215056Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:52.300{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215055Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:52.300{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215054Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:52.300{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215053Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:52.300{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215052Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:52.300{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215051Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:52.300{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215050Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:52.300{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215049Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:52.300{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215048Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:52.300{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215047Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:52.300{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E96C-615E-7E01-00000000FE01}3316C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000215046Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:52.300{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E96C-615E-7E01-00000000FE01}3316C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000215045Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:52.301{49C67628-E96C-615E-7E01-00000000FE01}3316C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000242122Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:53.451{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F893A1F2B06833BFC662027B43C6551,SHA256=EE63E26D3F2F468E6A474647C86B62585874B9715B93ED268B349616077FDB7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000215075Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:53.456{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7279A4C6516CC86608849FE0A4FE9FD6,SHA256=56D644C9EC111FC1C289DEB10BB7B80DF198166B3D8B1FA5A216FDC16C027AC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000215074Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:53.347{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0B1A4E4C8FD6AB5C110FD783A272D8CF,SHA256=46D1DDC5B8FDC4D61D553D2A680BDA91E6E20DA75A7FDA5728E5C07020CF0C10,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000215073Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:53.285{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E96D-615E-7F01-00000000FE01}3276C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215072Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:53.285{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215071Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:53.285{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215070Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:53.285{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215069Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:53.285{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215068Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:53.285{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215067Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:53.285{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215066Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:53.285{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215065Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:53.285{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215064Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:53.285{49C67628-E19C-615E-0C00-00000000FE01}7322760C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000215063Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:53.285{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E96D-615E-7F01-00000000FE01}3276C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000215062Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:53.285{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E96D-615E-7F01-00000000FE01}3276C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000215061Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:53.285{49C67628-E96D-615E-7F01-00000000FE01}3276C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000242123Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:54.482{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D65E5404F6BE9E2AEBFCC2BD3A8C815,SHA256=33E4CC1AED2221C044C2CC5A7E4101777327763BEB9F378FFB661C834BC4C488,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000215077Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:51.692{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50103-false10.0.1.12-8000- 23542300x8000000000000000215076Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:54.378{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93119ED8B51D25562E57B34E205DD161,SHA256=827133A91833310969C44A0680C7465165E4C86B84275E31A4620035116DCBDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000215078Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:55.441{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CC035F02C3A7E7B60BE1B35D0518A04,SHA256=17E8814797F478BECAC3151961DF975704102DF8CA5F650D62BB784F00493477,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242124Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:55.512{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4AE10B09FABF095624A7E1EF1AD412EF,SHA256=7126094EB16DFA0A29FA6C7E1821225AEE1704FD959D4FB2C6BF847124756E5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242125Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:56.530{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA86F6366817F018C1B0D9F7FD62E0BC,SHA256=3556F6F41C29FE509AB9C049D5D4566F784966A5152DD8067685BF0CEE3F314F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000215079Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:56.472{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B555D946596E0496CE1DD290DFF25AA,SHA256=2F4E82D68A6EBA04B63870AA4A47755E0963986DFC5F840C5995BC51A9A3FFD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242126Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:57.549{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F79D37FE7982120C685BE913783E76BC,SHA256=408A79472DF776703B001A537F5DE1F60573DA6CF4F558504B040E8C67801781,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000215080Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:57.472{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97EB3A5CCB891450FC5D4D5C34E40ACB,SHA256=BD60C79DBD1FC6BA082C686C87D8636582B2229B66378DC6622E4E22D7D00A9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242128Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:58.579{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A57DEF88BAA1F2BABB84189EFDA5AFE,SHA256=75A2679D292F6C5A600311BA384D5D4962E365BA4AEB9D821FE5326920B6A764,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000215081Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:58.472{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0525C745A47476991A45755FF108338A,SHA256=B006E95E41A445E07D05274FCCF35330111527E55394CDC47D4FD81F832E96C1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000242127Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:55.113{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56526-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000242129Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:34:59.594{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE2BB28115849566DF6D809E591C0A8D,SHA256=7A0213EA456F1179E04A69275F8EEA64E8A45B05491DEA3A770F2E0886B6BA0F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000215083Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:56.817{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50104-false10.0.1.12-8000- 23542300x8000000000000000215082Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:34:59.628{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D9FD05458B365384EEFB1248F5B5C82,SHA256=608AA1846C0EE5FD7276A69A8BB8A983D24C40459B4DC5E9D8E217B4C1773101,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000215084Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:35:00.660{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48DF696D2A9DD00AD2F74404048FDDE5,SHA256=38D8FD2857226837D513CEC658493199289C5880E1770A9817540A51A67CA91A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242130Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:00.627{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15928A557A21630594538AAD1F09B164,SHA256=4CEAD8F6721F17D8AE8925F32A652ABEE7E11BB6FA8866C7AE55CDD360C4DBC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000215085Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:35:01.753{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90C7B1BE4B73CF821B495FE93285E6A9,SHA256=4A8E3DE462E564E7CBB867CBC17571127AE449B7520F4380916505DB6DC7ED60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242131Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:01.662{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54CF0EA76E8B33D22A458132B8CC105E,SHA256=E81DE19CE9A3826485D8252B88A4C9CF5D71CEB48022216B00F7D8F675564403,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000215086Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:35:02.769{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE69050835344DDE07FE7111E7FF382B,SHA256=E27A21E44B7C496CDE10974FEF9CE41D5EA30A43D35A1045CDA2431EC83C711E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242132Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:02.677{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71FF53400F2F678E7EB0BCD1565BD72B,SHA256=F6F74B871C1F6503DCFDE47A0A8C7F218B4D5B0641345F3FA2609FE8B121EC66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242134Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:03.692{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F6D6BD9C04DA7FDF8E2319B302A1DC8,SHA256=F3F5959BFB8FAB1F0825E855DAF082C9D8A48FCE70DA48C7D765305CB8721819,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000215087Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:35:03.831{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE8A83C7F51242D857D1A2FEE044E720,SHA256=360062B7A82A23D559C119C12DE0409E29EC7822B4C8AAB0E40B01BD8F96AE82,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000242133Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:00.126{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56527-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000242135Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:04.726{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8AE89CACC235AB35D542D746352DE2AC,SHA256=DD4437A89A576766B669747F8B2B5CEA97959F026FF4BFDE85259DE2CF06F28E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000215088Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:35:04.894{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A81781B30FB52B8B02B9741EB390D51,SHA256=277000E3FBC0B18DF71C0899D4914998E5821CAE016D391F5AC42A7CC6BC01F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000215089Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:35:05.910{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5BD0AFAE5688C825205DA93BCBEAFE0,SHA256=9155A3DB2781A5ADFD6F00A6DB77E1EC8224B995B6D386E981069A5B72BCDFBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242136Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:05.743{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F2F6CAA429FF8B1AC5FCAB42990815D,SHA256=F295E25C5F8C1AFA85876B76CE2E1A1799A824DF540AE649F49D4B088B63316A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000215091Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:35:06.910{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6431390855F9E4012291DB6E7EBA8DEA,SHA256=02B66604C648EEE09D8C3F78531C41DC9426A722DA848D45A9B65055BCEEB24F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000242153Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.825{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E97A-615E-D701-00000000FD01}2728C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242152Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.824{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242151Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.824{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242150Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.823{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242149Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.823{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242148Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.823{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E97A-615E-D701-00000000FD01}2728C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000242147Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.823{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E97A-615E-D701-00000000FD01}2728C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000242146Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.822{6EDEAD03-E97A-615E-D701-00000000FD01}2728C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000242145Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.743{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86C708903F5755EBC8E812108F009E82,SHA256=96634943F1D6FC2B59C471E0A3F07D1872AF1BF9A7E83A05161E526EC36488F5,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000215090Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:35:02.661{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50105-false10.0.1.12-8000- 10341000x8000000000000000242144Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.143{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E97A-615E-D601-00000000FD01}7092C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242143Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.143{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242142Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.143{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242141Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.143{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242140Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.143{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242139Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.143{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E97A-615E-D601-00000000FD01}7092C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000242138Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.143{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E97A-615E-D601-00000000FD01}7092C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000242137Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.144{6EDEAD03-E97A-615E-D601-00000000FD01}7092C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000215092Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:35:07.910{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0AF7C33195FF802604FF0BF4D54EF7D,SHA256=EA966001CE96D2DC286722F8B0AEAD30CAEBC340B1DC1C9C58EC0DF59083289B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242165Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:07.759{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3578335571B6A765CC9560CF6BB6F79,SHA256=BCD375D20E01DD3973648843810BD4EE23B9B790AF953A841634F005466DED24,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000242164Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:07.490{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E97B-615E-D801-00000000FD01}3892C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242163Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:07.490{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242162Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:07.490{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242161Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:07.490{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242160Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:07.490{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000242159Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:07.490{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E97B-615E-D801-00000000FD01}3892C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000242158Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:07.490{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E97B-615E-D801-00000000FD01}3892C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000242157Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:07.491{6EDEAD03-E97B-615E-D801-00000000FD01}3892C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000242156Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:07.144{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5CB712294A17C2ABD11D5B9B97ADFCE0,SHA256=CBA9370F7B7A72109006F7FF112F952EF6301EE5D131E7224878078B801F90BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000242155Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:07.144{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2A0ED68B14D32A4D041F0B1656FF2B16,SHA256=7F4C216ABF3A1115582CF64280660843E5D8A58F8B7384F514C19F629B2F0250,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000242154Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:07.028{6EDEAD03-E97A-615E-D701-00000000FD01}27284628C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000242169Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:08.490{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5CB712294A17C2ABD11D5B9B97ADFCE0,SHA256=CBA9370F7B7A72109006F7FF112F952EF6301EE5D131E7224878078B801F90BE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000242168Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.676{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56529-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000242167Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.676{6EDEAD03-E1B1-615E-2B00-00000000FD01}2968C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56529-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000242166Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:35:06.144{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56528-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-