23542300x8000000000000000136024Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:18.822{6EDEAD03-504E-615D-3000-00000000FC01}2448NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136023Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:18.728{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D249380DCD402D6FB9A05D5E1D6DB244,SHA256=A624EBAA947AE32342AB60E8211A0B36A17048870403B545ED9F68C1206722FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119370Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:18.155{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=542E2457433A01BF6B5525C95DF31B97,SHA256=9430FEBECB381677076191DF6218F660FAAB199A4B05239BF757A52577DD7C0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136025Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:19.775{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=35D10A236B5AE1DF16C0EC40F1585257,SHA256=29E5D2CF2B1E3E720A040FA57C4ACDB3BDBA0CE7455C0BE60F42839B05F35CDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119371Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:19.170{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78BB8129E8691B9F151ED6707B00529C,SHA256=95BF8122637F934D9F481A4D743067849EF6910965235B4B97DC774CC84092AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136027Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:20.791{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=631425A872C8B906A738C54E25D49D6D,SHA256=3EC02863E7D60514CC8977AF1B8AFDFE21117DCBB27BCA62E6E4C5A6B4FD7AA1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119387Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:18.602{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50513-false10.0.1.12-8000- 10341000x8000000000000000119386Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.577{49C67628-6004-615D-6B02-00000000FD01}32283472C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119385Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6004-615D-6B02-00000000FD01}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119384Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119383Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119382Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119381Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119380Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119379Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119378Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119377Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119376Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119375Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-6004-615D-6B02-00000000FD01}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119374Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6004-615D-6B02-00000000FD01}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119373Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.437{49C67628-6004-615D-6B02-00000000FD01}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119372Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.186{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41F775DEF73A1E2FA0F7C5202618757F,SHA256=15229008FCABEFDC14453D6803211769319DF6FCCD0C45ADCAB4BC2B95DFA0F1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136026Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:18.136{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64520-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000136029Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:21.822{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=900AFD71FD683577927459C1EB8B2E31,SHA256=43E577ED81BD76F7A20D6FF5D0D590CCBD759CC97E7DCB323EC96594C340CD44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119403Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.655{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2AE357E3F07CB643578CA8C2A263DB94,SHA256=13544088AD2004877279B89797ABECCC43A53542C313D6D6E063B5AF95316FFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119402Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.655{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A63F6792B006C86036FCD52F6FB510F0,SHA256=108BC091218DB5C2C5C86515EEEF40C0F3467DA516A87D9E3A17FAF057AD754C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119401Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.327{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0453375299742842995A7409E413E48F,SHA256=F3F5387D69C49D1CBCE06957B9CD872F5A2423A2A8F6AD670E81B8624FC0D195,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136028Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:19.339{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64521-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000119400Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6005-615D-6C02-00000000FD01}2204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119399Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119398Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119397Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119396Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119395Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119394Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119393Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119392Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119391Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119390Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-6005-615D-6C02-00000000FD01}2204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119389Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6005-615D-6C02-00000000FD01}2204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119388Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-6005-615D-6C02-00000000FD01}2204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136033Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:22.885{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46701BDF7DF6F70D66BC8E0BCF884DC2,SHA256=34976B6AEF4593365B28B08F4F582033332C52608AEF24A739E66A8D726AE091,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119417Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.342{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DDE20CC706BA4D1B4EB89764807F1CA,SHA256=608639C4DD9BBA1DBD236AFB1E1F2E18E45205BCC06ECB3B024F737E4890DB5A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136032Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:22.431{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1500-00000000FC01}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136031Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:22.431{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1500-00000000FC01}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136030Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:22.431{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1500-00000000FC01}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119416Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6006-615D-6D02-00000000FD01}2280C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119415Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119414Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119413Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119412Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119411Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119410Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119409Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119408Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119407Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119406Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6006-615D-6D02-00000000FD01}2280C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119405Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6006-615D-6D02-00000000FD01}2280C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119404Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-6006-615D-6D02-00000000FD01}2280C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136034Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:23.916{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A23D830E6E8E8A315519ADA052F1BADE,SHA256=46C6F15CF9912AF8E953552EABC5D9A01FF3F83EAF27F7335D2E6C0D69B143A8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119433Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.531{49C67628-6007-615D-6E02-00000000FD01}26122500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119432Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.514{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2AE357E3F07CB643578CA8C2A263DB94,SHA256=13544088AD2004877279B89797ABECCC43A53542C313D6D6E063B5AF95316FFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119431Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.420{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=569D74923D052B5EE50FBF8048462888,SHA256=DB35AF0A7CF42199452FFD48D8FD24FE4B595300DE42E7E77DA58A1EECB9EC03,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119430Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6007-615D-6E02-00000000FD01}2612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119429Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119428Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119427Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119426Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119425Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119424Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119423Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119422Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119421Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119420Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6007-615D-6E02-00000000FD01}2612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119419Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6007-615D-6E02-00000000FD01}2612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119418Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-6007-615D-6E02-00000000FD01}2612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136035Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:24.978{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=693E7E77B3F0B1C84E4B8D966F4C4E54,SHA256=DA1C0424227E07972C2A5C92A699355DB48124B11E84EB921744B57198CB865E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119448Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.576{49C67628-6008-615D-6F02-00000000FD01}40084016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119447Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.467{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6770B2BD10C6D9086428196E97C0DD0D,SHA256=272D380B72720DAC6AEC01BE70F7A39F9F5A7EC24D2E99D5F4223D00841768AF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119446Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6008-615D-6F02-00000000FD01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119445Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119444Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119443Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119442Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119441Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119440Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119439Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119438Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119437Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119436Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-6008-615D-6F02-00000000FD01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119435Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6008-615D-6F02-00000000FD01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119434Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-6008-615D-6F02-00000000FD01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119464Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.545{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC019E3D07F119F9FEECE7002F76F716,SHA256=6B376B00C67006F2C61A2AB85841D8611B5E29EEF652525B3890B88BBDFDA91D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119463Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.545{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5278ECC501C0DDD888835E4904F7B4E9,SHA256=4DD9F2DDBBBEEDAD4A898AFF2160A4F3AF2E8777EF3213ED99FED5FBEE180139,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119462Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.232{49C67628-6009-615D-7002-00000000FD01}24403208C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119461Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6009-615D-7002-00000000FD01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119460Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119459Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119458Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119457Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119456Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119455Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119454Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119453Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119452Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119451Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-6009-615D-7002-00000000FD01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119450Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6009-615D-7002-00000000FD01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119449Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-6009-615D-7002-00000000FD01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119466Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:26.576{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2D3A1A4D4BFE67BB6A2D1A286026EFB,SHA256=FDDAE58CED708F51FED043F0EF9F0339EBD63D0697008F5440513D29FFB906EE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136037Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:24.479{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64522-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136036Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:26.010{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1A0A24FD74F473899E51335DBC7E1D7,SHA256=8CDCC84D09ED72927BE62F2F1546D598FE6377B4B17D1C134C94E0C9465A37E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119465Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.633{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50514-false10.0.1.12-8000- 23542300x8000000000000000119480Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.670{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3C17BB8E5A7694AF8B17DCAFB8D9D01,SHA256=A0E6DAF1669E9FE5A9B7CC61BDD7A116CD928642C6F29EF19613A548B1F636A6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119479Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-600B-615D-7102-00000000FD01}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119478Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119477Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119476Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119475Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119474Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119473Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119472Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119471Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119470Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119469Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-600B-615D-7102-00000000FD01}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119468Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-600B-615D-7102-00000000FD01}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119467Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-600B-615D-7102-00000000FD01}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136038Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:27.025{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=158D96D8AE84276F7548ADBB98C67435,SHA256=0DAA84D6DB1889DE121103D1EAE53BB7512B8FAA826BB14F879182966927457C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119482Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:28.701{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44D11F3706110896786F03EA45CCFF15,SHA256=805A1D0C8986A01DEFF5ED1AA342AED3EA4909DDA2D86F8C68F0C811554DD072,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136039Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:28.103{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1FCE6DD7FD2E1961E8E1169F9F82F210,SHA256=C9F14843D3779B4EC20BEBF457DA80ABD1F1EDBF0F001AA356380BBDAC1014D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119481Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:28.232{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F8CA0D28DC49E0B77D108CB85778FF33,SHA256=1126EFC79D1094E18559512770B88660E9C41D9F248C3B18B84C8F8C64C6C443,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119483Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:29.748{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77603C0B2C5BB9FDF74B61505E860FB8,SHA256=5818DB2F69BC54A95A6FB7FF0ED9A56CED2057F516F1E5A1966BB40CB90671F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136040Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:29.135{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63F91B94A567CB3A1D5FB032974B7935,SHA256=E4303544BCDB2F1A3F8ADEE5E125F0FFE8BC3068FAAAD9FA949CF278F71015B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119484Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:30.754{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12357086362D4D41E5187A82EFCA2AE3,SHA256=6555CEF7AB5FC56CFC826594ABF1DF705BD82155A3703577DF55468677EBDB63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136041Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:30.171{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0CD153DE84CCE6150B44D09E12406A7,SHA256=0B75847A1D71AB91353AC168644D87C9F5DAAF54AF9BDDE3E5EB65AF6EF30756,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119485Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:31.770{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAF7B9726E6113C9E3FD5E4FC2A87EC4,SHA256=C726CD9616FCBCDA2771F420F736CB256CC7F431FB013C3000FC42D20719F014,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136055Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-600F-615D-9802-00000000FC01}4852C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136054Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136053Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136052Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136051Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136050Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136049Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136048Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136047Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136046Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136045Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-600F-615D-9802-00000000FC01}4852C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136044Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-600F-615D-9802-00000000FC01}4852C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136043Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.203{6EDEAD03-600F-615D-9802-00000000FC01}4852C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136042Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.187{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=615D4C9E43DE73D41EF10769AD7A861B,SHA256=9220392FA410507A60DD5CCFD5DFA9C6F711586FAAF16C7550B4823274FB0CE6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119487Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:29.671{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50515-false10.0.1.12-8000- 23542300x8000000000000000119486Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:32.832{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20944E9860A5D90117897AC064545527,SHA256=49D3611EDAE8F21A6660C66B74FB91CB2967A227DAF750F223CFA0D40B6E696B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136072Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.702{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=83897C20743A5721892D72E89F5AF03A,SHA256=7C8642F3A190F27065A7F6D525472B8DFF6EF06A172B3A7E50E996186C8AA354,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136071Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.702{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F54F44F9CDF8266370761790AAD4D92F,SHA256=CD63B2B8CF3E81C1902915BD939FEA9CA3570935812E80D2735CAFBDBA538363,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136070Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.702{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8B06140D519068C1A2F1DC349A11B3EE,SHA256=D6A3FA42ADF8A12ECCA961709D685A841C86A49031C2CBA85FD79BA4F6F89EB7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136069Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.312{6EDEAD03-6010-615D-9902-00000000FC01}52604640C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136068Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6010-615D-9902-00000000FC01}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136067Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136066Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136065Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136064Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136063Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136062Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136061Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136060Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136059Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136058Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-6010-615D-9902-00000000FC01}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136057Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6010-615D-9902-00000000FC01}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136056Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.172{6EDEAD03-6010-615D-9902-00000000FC01}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119488Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:33.895{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB75AD0CDC1BF6D7C36A45EE57BAEBC2,SHA256=C0A6955E2B75EE76DA71A2F70B3C3256BD0DEE3EB7751A6C3D99A06B92ABCC58,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136087Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6011-615D-9A02-00000000FC01}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136086Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136085Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136084Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136083Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136082Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136081Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136080Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136079Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136078Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136077Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-6011-615D-9A02-00000000FC01}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136076Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6011-615D-9A02-00000000FC01}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136075Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.329{6EDEAD03-6011-615D-9A02-00000000FC01}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136074Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.312{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7695D3940A33A2049B31CAE73994993F,SHA256=13602C6B22F495AD969994F3E9D930B7CAD50A23BDC48F5D4ABB75D2A66CD1C0,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136073Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:30.391{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64523-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000136103Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.608{6EDEAD03-6012-615D-9B02-00000000FC01}60244776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136102Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6012-615D-9B02-00000000FC01}6024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136101Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136100Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136099Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136098Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136097Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136096Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136095Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136094Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-6012-615D-9B02-00000000FC01}6024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136093Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136092Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136091Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6012-615D-9B02-00000000FC01}6024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136090Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.470{6EDEAD03-6012-615D-9B02-00000000FC01}6024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136089Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.421{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=83897C20743A5721892D72E89F5AF03A,SHA256=7C8642F3A190F27065A7F6D525472B8DFF6EF06A172B3A7E50E996186C8AA354,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136088Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.358{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=154EAC5BFC7797DB07DE12653DB946D7,SHA256=E55D27608DCE19BF7569F56AA2D9A2E11AC917EEA466CF1F8AA97FD1ACE9EAE8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136135Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.859{6EDEAD03-6013-615D-9D02-00000000FC01}5788324C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136134Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6013-615D-9D02-00000000FC01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136133Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136132Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136131Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136130Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136129Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136128Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136127Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136126Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136125Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136124Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-6013-615D-9D02-00000000FC01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136123Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6013-615D-9D02-00000000FC01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136122Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.672{6EDEAD03-6013-615D-9D02-00000000FC01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136121Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.655{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=56844F43B0030140BC9825836AB65A1C,SHA256=72E690A39E70D83FE99380CCEA2BA34D537D4B468E4A64EA0C9588651006DA02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136120Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.608{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61DAE074CC618F8E79695B486005DBBB,SHA256=AFE1A866088159983C798EE2A6F3A7E3FC69A6D51CB8AD95F483286CA764CC25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119489Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:35.035{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A55534A88D5675A041A4F92E7F1ED312,SHA256=618BCBD375F6BA8E7845DE8346513F304676C7A053A8EF960916F63BD68BFC0E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136119Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.312{6EDEAD03-6013-615D-9C02-00000000FC01}54281768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000136118Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.735{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64524-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000136117Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.734{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64524-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 10341000x8000000000000000136116Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6013-615D-9C02-00000000FC01}5428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136115Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136114Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136113Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136112Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136111Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136110Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136109Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136108Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136107Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136106Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-503F-615D-0500-00000000FC01}408524C:\Windows\system32\csrss.exe{6EDEAD03-6013-615D-9C02-00000000FC01}5428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136105Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6013-615D-9C02-00000000FC01}5428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136104Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.141{6EDEAD03-6013-615D-9C02-00000000FC01}5428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136137Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:36.890{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EF839C2F909EAA328FAF08177FBAB58C,SHA256=B3A77C920387D84CB44540AEDF049A2E2116AE1D0C7B273272C3E2F55EBC69C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136136Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:36.687{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=047A5B0D8D13958947C035F81200CBD3,SHA256=406EE5ED563A6F4055913417CC01322D1BBC43AC2E92BE4882F2F8759E73ADEA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119490Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:36.129{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE082182DE445EEE0F8585869A1E3D3F,SHA256=1DF9A0307F8376B32455893E853A176FD2EBAB9F1175AEAFFF5419ECFACCC95E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136152Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B38CF46DBC898EFBC85FC49907A035F,SHA256=5906E6FFA5548A8DFE9B1A02FB038A44AD06327C1B1DC5BACE83EF780694A5A6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136151Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6015-615D-9E02-00000000FC01}5756C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136150Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136149Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136148Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136147Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136146Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136145Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136144Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136143Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136142Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136141Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-6015-615D-9E02-00000000FC01}5756C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136140Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6015-615D-9E02-00000000FC01}5756C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136139Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.719{6EDEAD03-6015-615D-9E02-00000000FC01}5756C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119491Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:37.254{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5DA6C4C8BC303EC70FE1D88BD349166,SHA256=FBCB421750BB8860F37F09EF6E0807E2B605968032BAEE68E71791CCFCC94D81,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136138Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.453{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64525-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136154Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:38.937{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6485A0BBF4B3C8437F0B848ADC16407,SHA256=6D6D2F5838CB73DA7F243273DA9BDEF3319107559CBB0586124069DCA2C70BBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119493Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:38.348{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4A0B15D86089A0DE95BF062FF569B7D,SHA256=AF3EBB10A9FE4846F6C7ED880073AA06CB6A831C6AEF36CE9ECBD472D16367AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136153Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:38.780{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D3AADD4272945B4E25E59DCB89DB6130,SHA256=A6F796B96ACBA68205CAF741B4D279D87D72E1316B24D1537F7674E963962692,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119492Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:35.639{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50516-false10.0.1.12-8000- 23542300x8000000000000000136155Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:39.937{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B10D7B4511862EC5C4E3D7EB0F3C0016,SHA256=6ACD00B6587EBB063848BF1AB5FB5A8AFC1639DFA11AD1E29BF88AA1FDDCC55E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119494Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:39.363{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C911A9DB35F7C54AE5BE37AAD29A86B3,SHA256=AAEA944C7F7F0B64420AD812C2383BA57BC1DEA685D98894B20B70E3E7587143,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136156Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:40.968{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1490E7F609C4255074E6DDF0A7E87F02,SHA256=D571A99823EEC6CDCEC65781FF8D61CDEB60BEC88867E61D9DF7F07182F2B88C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119495Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:40.394{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79D67E6E19DBADE416D2822B8521C133,SHA256=A2982254DF3E753980DAF792149939EC5504007037D472B8F51C689A9F478CB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136157Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:41.968{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2590662D1FED125FBE3DF4CE5E15A6E6,SHA256=3A934386F6658346277482EBFB821BF17696225D8C8976A6F02AE05B55EBC6A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119496Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:41.457{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=005901C8C9EC8AD28D34D4489D32A7D4,SHA256=FE9DAC076DFE1D10386B7E66B2A88968722F2332497F8E5B6B139EB4FF74029F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119497Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:42.519{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E23554A3B17E070AD88BDBF4D56002C4,SHA256=DBF025D393DD15FC02A610DEBC63528DA102D3D83ED45C91984AD82AEEDF6F00,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119499Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:40.779{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50517-false10.0.1.12-8000- 23542300x8000000000000000119498Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:43.566{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B8F5CFFC4C5C935F137A5CA29C317FF,SHA256=4B96F9DA414C3221987C3B3B55980F6F52ED96887ECD8EBA43EEE4BA481F90DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136158Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:43.015{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13364D680E738E4575F83DD02981BC60,SHA256=10B823C475E299EE87A69957CCBE966487C40EEF941B1690D102EE9550934C68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119501Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:44.597{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75C4681B77C5B57BDC0E974AB600E733,SHA256=86198B01C3D2265C07162ABEB0700A039A9D247DFB293D2AE8E95C05B6D746A8,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136160Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:41.454{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64526-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136159Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:44.030{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DACBA1DEF1D8A5FFD27595BDE05A1FF3,SHA256=CE11512EA0CFE07F76DE67BF9298A536C23FD99CB2BECD9B763E0311766B8C32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119500Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:44.191{49C67628-5044-615D-2200-00000000FD01}1580NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119503Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:45.784{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C2076505B4A95F2C633F9407C46C152,SHA256=1DE45C98D17C008ED07D219313B29AE7A101D100355F0936CBD6D1105E1FAF90,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119502Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:43.701{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50518-false10.0.1.12-8089- 23542300x8000000000000000136161Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:45.046{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2872B6BE78DB5ED2BB105C8764E765E,SHA256=D3568A7E985B38A870B5BC603AFE748C74B6EE55C0CCE86F2B1356E3B19CDBB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119504Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:46.816{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70F1B5D70D6A6B6F1ACE0192B1ADA3B9,SHA256=B762FCC60E7F052A3B5F1E4E150A5CB1179CCA1906B9047E16ED7BF00A09C91A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136162Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:46.062{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=965077AE45691D288284E5498E12F7D6,SHA256=345E24BDB39B349E9E41B1D6F12857321891C8339E66EEA359A7F8B2CFED2F9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119505Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:47.941{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ACF826EBE352018444C0F0E6EF03692B,SHA256=8D5B941C4ADC47CCD8A768A5C0049C8193535B95D7B9B0261CCDBA9865CB06A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136163Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:47.062{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=183F98E119F426864E98347CF40FD7F2,SHA256=3B90415EEB6FBA1F56FCE6C56E1C454346B69DCFBC10FF03C5105CE099E6543F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119506Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:48.987{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A74EE8644F02BD4137420472E581C60A,SHA256=0516C748B2567CD8444F2C835EA7EF71A83E7ABB9F40F5F469F36921744FB5DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136164Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:48.062{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE67F6D078DCF096E3DE61332A9D0DCB,SHA256=9E6EB5E0F06B941A797F5F8FD3A7FFF85D6292D746BCC2C5707A8EC4A787762D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119507Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:46.607{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50519-false10.0.1.12-8000- 354300x8000000000000000136166Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:47.469{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64527-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136165Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:49.077{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93E055AABE54EB67EE46B2ABBBC1EE78,SHA256=A090073A80CCB161503BA8DC0FE312C292AF0AD476CB9278F17E8A9A5EC5B7C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119509Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:50.857{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211006072910-065MD5=266A8C17E3E1B8A0B29A8C5E77CA200E,SHA256=01EFC44F32696762DC9319663F7889EF6AAFD7A8B30AE6A823FD17BD5EE43D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119508Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:50.010{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8651924E964AE5E20E928996D6AD1DE,SHA256=982FFAFD036F3C748D3E55E9CF75CA9DA2B40BAF6ABC9DFA48D387A0F689E8ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136167Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:50.093{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0039FA3F53E060B668809BFB4F80B8DB,SHA256=FD1913C56658C3085B1819F32B6BFE22B39C752C6FAFB8D40C376FF63F70C5EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119511Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:51.857{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211006072908-066MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119510Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:51.137{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51DA04803EA9EA506F595D78E1C2A16E,SHA256=913061B444981C48AE4AB286F35D3D48FB3CAF785A351571E1925249E61A7C2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136168Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:51.098{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=564207697C9AC18B1A879EEE11362EB2,SHA256=109D36D09DB95EEB189AE0A75D35FE3B30CAB12BE8EEA2EAF8DDD9AC61A71158,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119512Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:52.245{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6352D2F64CFE8E7980C35D8D97094FDB,SHA256=0660DA1A90984072DC901333C6EFCB7186B3452B81F8E833CCB17A865D3FB7BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136169Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:52.114{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1DC3BAD79E607696339EBB90B01EE7A9,SHA256=5E2F5E6473F3DA4423751CEF70B7567491D6BBE2C7F7994C70D0247E393C79E2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119514Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:51.614{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50520-false10.0.1.12-8000- 23542300x8000000000000000119513Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:53.372{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A99DE10F90556BB426CE3465B4BC9BB4,SHA256=C1916CE322F8467DE96F06DC29AE8285DA9E7A32A0D685665E61B8AB0E486413,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136170Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:53.129{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E4937179D6AFF378E81A0D17E185B0F,SHA256=5460625D249C6051C8272311B5E11CF4F45AB9A189974A45F6642D037BCFF1E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119515Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:54.403{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A04BE266CE9C6E2904F81BE21D20B74B,SHA256=08AB5052562623F717AB189DBCC13774A79D38BFEE84B91D3167FA8F76E0497C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136171Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:54.145{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE7733A8589891129DD79E858AB27E5B,SHA256=42F2FB39FA35D046B923D07A42C2923C91D02B4F9EB73B16B1BE2925F118D8DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119516Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:55.622{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6EFE990D04C924745F33358E930A0B8,SHA256=30D3ABCBC57CB67EBAA247530F9342953C2EE81F0C36CD4961C34C7188C78854,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136173Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:53.491{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64528-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136172Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:55.161{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B67FC80D023CA4FB1DECCDC36CDE8285,SHA256=DCF46661872B9C2236E756E6284B6394C4E99E6D3088306C6036568382115335,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119517Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:56.700{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5553A9237F5F17A93C7B42443A54C85,SHA256=10756CD0345A96A4BCF4770431B14A4213E3D65CA2A11FCF2825942ADCAC52DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136174Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:56.176{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=95BFBAC5024475F36AE6B868904EA94C,SHA256=0D60FF222822A2E6CF12012928BF008D34320805FA3B3D9508B964DDFD1BF4F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119518Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:57.700{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B67004C650D8A95AA8539F169023440C,SHA256=6A9D45C79B9ACE0256D5691B2896D838F494D5DA8A3AA4C83499AA285AC8C721,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136175Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:57.192{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BD07A40A97DEE313FDDFA063ED372EB,SHA256=FF996A114BE00324A50A24F78144C10F46AD9D8D6A2532DE53CB57F952F489C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119519Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:58.715{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60E24F8312B5EF566F1D4F14D731333E,SHA256=B3A8F1CFFBC77E573AA4040DC496BF8976DB7876D9AA918BC61B4A11F2395B79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136176Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:58.192{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF8A4E6682698D74EB86F265258EB589,SHA256=2004DB2B42A3F24287218DC5D2CDEC104AA8BEE88EC5FE0DEEC51DFE89221221,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119521Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:56.772{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50521-false10.0.1.12-8000- 23542300x8000000000000000119520Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:59.731{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E27D88FF808AD238E9C6EFDB4E73067,SHA256=D0AC1F3504FB84C5B46FBD5C857CF56B32C2C05899BFE67CCEAEDE8A7B077E34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136177Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:59.207{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F98AB7607C7FEC768E6EF8E794BDBBE,SHA256=7D49EC30046F334F7CFB345BB3FF57B0E645D56C606DE022A3085E7043781BE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119522Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:00.746{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A29F8A9F0145122A8237471E91DE93D,SHA256=9F6E58A2F56161845CCA201514C639FAE809682EF4093CE46B0602418CCD6663,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136179Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:58.536{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64529-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136178Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:00.207{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BCC23A847BDEA1BA25EFED6A0719992A,SHA256=D02690786EDDA6A56B4371C8238547DDB42CAC89985EFD225AF1A048CD5B495B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119523Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:01.762{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1BA14CDA1F6B3F26540473B773DD81FC,SHA256=12AD46DFB208E28F981F5FAA48BFEC646B829E74EC4B0F816649BEAFCE5D0D10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136181Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:01.570{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211006072921-065MD5=58D52BFFD80488B8005F7C319C2D4334,SHA256=B9D8441D1BC2ED8425146F5F211E2A21C477807F4E0B7EBAD9811C868FAB9279,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136180Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:01.209{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94604EA7052A1164290F200C309D1E15,SHA256=FF815CF67899B34C0AA268EE9586FE49D20BB4F4CA1C43C649A5C184988DFBDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119524Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:02.777{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AF7EDD79E6BD2DD5EA5B84BD1F471A1,SHA256=63FE9C86FE6368EE9451A5E0CBC398CAD772AB97EEEC446BE9B4E5E34468A632,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136183Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:02.584{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211006072919-066MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136182Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:02.224{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0BAFF2614706C79F21054D29328845AF,SHA256=DAE7605F87516440A2777A5FEFEEE54CE7B1AA23E8F5B5347ADD2AB5D87B0C56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119525Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:03.793{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=201722F922E548AA96F0F30D81EA6DB5,SHA256=F9ECC10E6E56FA85EA17C7DE5BFA17A5173E9ECDA07C3F760C9353B0854E2985,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136184Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:03.225{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=972B28E34A4F59BA6730E295B3377E4E,SHA256=267925DCD1F65866B9321B1F6B86919E84EBD4467B0BD05BFD5AA7F096EB5CDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119526Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:04.808{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2216CAC7D9FA38A35EC4C985FC1D91F0,SHA256=40D7584B31AEC1DFADCB7E3A63A78D55F21B8ADC65D22391CB73CF74BBA35179,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136185Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:04.241{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=117EB70814E0A65F882BCEF817E7F05F,SHA256=FD0E8DF48A53E14C452AAC1BADDC724A1466321EAFB85A188D7FCCF0BABD03B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119528Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:05.824{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A40B378F8D72366E12D4BE7BD8B4ECB,SHA256=BE527C3C4BDCD0F399CB834A4CA673B4EF94DA5D2E10868C09CC1D9B73E8B2FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136186Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:05.241{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D99F6B2C41298D752A5FB025A19F9064,SHA256=3464991CBD65E1D4170A2612774B1BAA9B99891B2929E3E35E6CE722594BA243,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119527Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:02.771{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50522-false10.0.1.12-8000- 23542300x8000000000000000119529Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:06.839{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49AE992E6FE464BA922D19B698CC5C29,SHA256=0F47D031A922B4C81A5F7021F79615E44DBC7239C1677F645CE38F990B562CCA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136187Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:06.257{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=931CE3B22A56B37F91232E0ECB5BB798,SHA256=04D9BE97F8B273256E4B1A89D3FE5672A8317CC52A07F523A2D1F60967ABF3F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119530Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:07.840{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F632D2CF87AAF288DDF47830AE0F1EF,SHA256=6A4E6609065385E5D91A903DBE05756F176E0E855FF898C120B3DFB2F12FC6BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136190Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:07.257{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DDDEB876FB198D9884E2F509BDBD994,SHA256=E453ED705BAF4BD24FE911B71A204E8DC776942978B4EEF3EA8F231B6F8E7F4C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136189Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:04.508{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64530-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136188Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:07.007{6EDEAD03-5041-615D-1100-00000000FC01}380NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=EF9A880F6A4FC15D541F512D2DE66AE4,SHA256=50EBBDEF25CA0D3F82A0BE3B6C1FB63C946D5C1271E894265FD47E3BE8E83317,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119532Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:08.840{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82CE85C2A33B60D426898042BDF1994E,SHA256=65A39F08AE93E68B4B2308408B8DFDDE3B8237F9E963F39153FB82B69D93650B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136217Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136216Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136215Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136214Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136213Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136212Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136211Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136210Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136209Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136208Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136207Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136206Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136205Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136204Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136203Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136202Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136201Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136200Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136199Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136198Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136197Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136196Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136195Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136194Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136193Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136192Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000136191Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.272{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E058A24A6DC916CCDE96BF962FCE62EF,SHA256=E24C21690D7708AFCEE6C5FB4A22166ABACEDD1356F1A068B873BFE8F6BA4140,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119531Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:08.731{49C67628-5043-615D-1200-00000000FD01}1012NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=5029F81C5BA7D241C1ACC712722B076C,SHA256=A2EECBE8AE132ADF895ECB87B2EEEBA525CF740163EB373B91AAD61A0EA940EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119533Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:09.841{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D8BB39E476BA706BE3671E328260DED,SHA256=DE02333FB84CD0F34C68C2FD0E71A58176B7E894293205B4B80C0BD5BEE542C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136218Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:09.288{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74CF226C9F668323FB057F4D4D72FDB8,SHA256=CA9265B1EB5323B0DDE6F2602D13E2199E84882B76D224C07014361555D96C00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119534Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:10.853{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB040491060C8C060F7D7DFF4D6E9A5F,SHA256=F59879DF5B75567367D0A5242B879144510B8CA6DF4E20E608572686ECF7E846,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136219Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:10.300{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC2378A0748AD4361E8089F6181585CA,SHA256=31AA2F6CCA48D773F39DF64883A69155BC13A27E68EB32DCF54A48A1AD5E4F40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119535Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:11.854{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=519CB25515B888FB6D4EC3745AFD6985,SHA256=F00BB234FDA209FCF48EA961CD63CCE3FAEDB32EDBA529D747FF8C908652E62A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136220Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:11.316{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EAAB980C8A5B015E8AF6FE629DD418DC,SHA256=360CB2EF707ED18D23C1B83B6453F2B9C361C9B824690450A944861FB9295C10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119537Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:12.854{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5031D650D34CCE6F90DD007B36994BA8,SHA256=478C278CAA4F4208BB57215293FA1937A42FC3AAEFF928C744258D743D7B1725,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136221Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:12.332{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B66A9DF632EFE99394F1BC558D3CC56,SHA256=583FBAE1A7D0E8C09622541B44C53B69DB44BB7B2E839DCDBCE5ECEF9E47B710,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119536Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:08.741{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50523-false10.0.1.12-8000- 23542300x8000000000000000119538Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:13.854{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D2084ABAE21D9D9EB1492052CFCB0D0,SHA256=C556BB0B9C624E76CB633516D44DDC8D45F5B72D6A1C129CF4A09C9E0CFB9CAD,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136223Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:10.411{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64531-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136222Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:13.347{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=124099375614FB3FD76038FEA45880F2,SHA256=CE71FCCC337C96A87F773D24BC8C1E08A0F255EFAE85C297020338591DAB66A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119539Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:14.855{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=408E4BDE4F5B475A2424835CBE7C145D,SHA256=047A2F93FBF26B910674C70184912B770EB6E2F740B2784F5961E712CCD18329,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136224Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:14.363{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE0CFDC93F58A93C95F1341C1905787A,SHA256=A24069692C5F5A2D9E775C6E891A5905D62D735ACA6EAA2A2125D74BEC849A35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119540Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:15.855{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=152E73B2ACCAD6EA9BFD38FCD54F2CEE,SHA256=04FC2C6C17F0E85BA43929E30C845BFEB6F3AF9FDBA8AAA60BF16FE8F546E1F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136225Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:15.378{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDB0E46200115A1D2B2F615238C0E6C1,SHA256=EA84D7995E4F142D1282B9D12EA7ABFF02CB73702433148654543D74BE48347E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119542Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:16.856{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C537B1F3447B90C7A7FD723EFF95949,SHA256=6E9EEDA5AE6997DF91EE14F9676970B991D6142CFEBFD83AA6FCF139A44B1BCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136226Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:16.394{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3F67DD24115AD5A387349F93C059C41,SHA256=510D5671557CF4C8D142F6D80C3905B63FFCA2748E436B76EE2FB9994653A571,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119541Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:13.771{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50524-false10.0.1.12-8000- 23542300x8000000000000000119543Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:17.856{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F69DAF89E2F3A3D44C224299BF114B9,SHA256=11149A337EF352A3D6944C70939AB5D33EFFA7F58EE5D6FF60D25B9486017CEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136227Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:17.410{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5FB7FBD133CB2474D956BAD9B8F9520,SHA256=210B8E9CCA8881D24A4A021781A66CCCAD340090566579826B25F11CABA59003,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119544Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:18.857{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C22D748DD3FFB4F017C4AAC4E4E3DA3,SHA256=85C5608F3415F45DC281EED9584C62CDD4770B983F1DE9FC75820A7DCB121775,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136230Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:16.411{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64532-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136229Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:18.847{6EDEAD03-504E-615D-3000-00000000FC01}2448NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136228Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:18.425{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EDD1E25894DF0F5FCE7BE02498D4CFF9,SHA256=BB850D46F1D78E3AA3B745410A1533D4FE42F8F8A6A841FFF7074630DD2C996A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119545Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:19.857{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE710278447620E816B44DEFF8F4B832,SHA256=F0814F6C202C412E9DAF3FADA6FE4495B0B84FA44B351F6BF9322A7134C520BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136231Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:19.441{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=524683E32151B24F346F56A2598D09BB,SHA256=D698A14F71DCBD8A78FD4A97B6EBA123DE554A9835143E1AB91085B478976245,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119573Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6040-615D-7302-00000000FD01}1768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119572Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119571Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119570Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119569Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119568Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119567Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119566Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119565Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119564Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119563Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-6040-615D-7302-00000000FD01}1768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119562Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6040-615D-7302-00000000FD01}1768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119561Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.952{49C67628-6040-615D-7302-00000000FD01}1768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119560Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.858{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A53E6D6E01F9F1F35EA57525C328F2FC,SHA256=D7D148FA85665FECD03754F87DFD023B53866D94E34F0146A0586C955BBD857A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136232Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:20.441{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D108AFAD637893751EEFD3DDF92DA422,SHA256=0696C839E93BA9F65D9BF97C30BF6573A6C198772C1812FF68945F2C807F43A9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119559Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.420{49C67628-6040-615D-7202-00000000FD01}29482576C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119558Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6040-615D-7202-00000000FD01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119557Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119556Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119555Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119554Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119553Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119552Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119551Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119550Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119549Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119548Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-6040-615D-7202-00000000FD01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119547Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6040-615D-7202-00000000FD01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119546Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.280{49C67628-6040-615D-7202-00000000FD01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119576Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:21.858{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=391344FCF70E127B373EC287BE408BF6,SHA256=067F89C82673A289F0C8CDE945783059335A7263C35BF5B3720292C83C53F81D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136234Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:21.456{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06F8B52FA154166C5485657B7482652F,SHA256=C653A78930CC008C3C746B01977623ACEC089B4E02E0994AEC1E118BFBBFEF18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119575Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:21.498{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=155A366F98614EB899EE119A2B47199A,SHA256=80D6AE6E0CE9940DE35A4DEE35452F1A2B498E310396B1D1DFE3465CF3F9E699,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119574Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:21.498{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=16BA8CDF271ADB70A81447FF8F9A9553,SHA256=DBBCA346C0EE33555D77F4653AFED08E134CF5DBC3983372A5643DAF9E99CA6F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136233Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:18.161{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64533-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000119591Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.858{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8162E24FE4FE0E148BAD0C3A4B7D8076,SHA256=30857E745ABF6EC303370F30EDBE36E966C6E004C08FC18C2EBE4308BC933051,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136235Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:22.472{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F054CBE69CF4C3916C91CB26F0A5F88F,SHA256=08E2E4BA6D9DB3E8E50DBD245E85FE193F633DB2618C992DC4DB6F35A6C6188B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119590Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:19.742{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50525-false10.0.1.12-8000- 10341000x8000000000000000119589Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6042-615D-7402-00000000FD01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119588Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119587Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119586Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119585Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119584Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119583Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119582Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119581Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119580Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119579Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-6042-615D-7402-00000000FD01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119578Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6042-615D-7402-00000000FD01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119577Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.281{49C67628-6042-615D-7402-00000000FD01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119607Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.859{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D34046102A02CD342D25535A4954963,SHA256=FA5F38BEBD42DC60DF2BEC6215D813D4E27B2E489653BDAE021A44D236447376,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136236Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:23.488{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8EFF4788E8627C6060CDF84853EC3B4,SHA256=A827E0A12CAD36BDB32219F0A4A0B163602456304B77AAA1024EAA909D1F267E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119606Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.499{49C67628-6043-615D-7502-00000000FD01}8001116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119605Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6043-615D-7502-00000000FD01}800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119604Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119603Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119602Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119601Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119600Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119599Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119598Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119597Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119596Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119595Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-6043-615D-7502-00000000FD01}800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119594Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6043-615D-7502-00000000FD01}800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119593Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-6043-615D-7502-00000000FD01}800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119592Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.281{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=155A366F98614EB899EE119A2B47199A,SHA256=80D6AE6E0CE9940DE35A4DEE35452F1A2B498E310396B1D1DFE3465CF3F9E699,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119623Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.859{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B50C37FE088D15358AABD2118A59C26B,SHA256=C673E6F9BFE8A38E3A7A40FCB928E1181EE86DF10AB5657E93C49A7F17BC36F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136238Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:24.503{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CAF929953E97AB101369376616B34B50,SHA256=3BAD2A148A3EAAA3AB40D1C40061652BE94290425266B4ED1D6152B93A41AAA1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119622Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.562{49C67628-6044-615D-7602-00000000FD01}136344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119621Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.469{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ACD5E1071115F2AB42E987E58A2CCC51,SHA256=C4DEE2A9013A57666B5E1D78375E7483629B7B98D147CD5268D93B1B8508533E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119620Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6044-615D-7602-00000000FD01}136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119619Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119618Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119617Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119616Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119615Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119614Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119613Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119612Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119611Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119610Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6044-615D-7602-00000000FD01}136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119609Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6044-615D-7602-00000000FD01}136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119608Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.438{49C67628-6044-615D-7602-00000000FD01}136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000136237Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:21.411{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64534-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000119638Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.860{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8E09925F31F4270805D399FADAD32F5,SHA256=55F9E83F1F3081F8F724B9890528D909A84FBBF1E94F7C232D1D4FA7D4D1C2DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136239Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:25.519{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D78D977E1678FA8BE336A04BE79A5F39,SHA256=6C73C28702D210BBEDA2E10A8183DDD9A336E6CC14700052B627A64D9665BE18,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119637Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.235{49C67628-6045-615D-7702-00000000FD01}39163868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119636Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6045-615D-7702-00000000FD01}3916C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119635Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119634Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119633Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119632Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119631Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119630Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119629Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119628Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119627Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119626Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-6045-615D-7702-00000000FD01}3916C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119625Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6045-615D-7702-00000000FD01}3916C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119624Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-6045-615D-7702-00000000FD01}3916C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000119653Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6046-615D-7802-00000000FD01}3324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119652Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119651Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119650Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119649Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119648Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119647Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119646Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119645Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119644Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119643Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-6046-615D-7802-00000000FD01}3324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119642Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6046-615D-7802-00000000FD01}3324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119641Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.986{49C67628-6046-615D-7802-00000000FD01}3324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119640Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.860{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC57BBE6E58CE34938610D1C823EACFA,SHA256=0AA6AB1F5133F27ADECAA9F5526C26D48DC5B95A4410448D6D59A0DAA9160EAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136240Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:26.535{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BA3A82802DC07624BF1C2662D9DD1F0,SHA256=22C106E58F079EF77AE368388A411DE7E41FF5BC634573E8D13F20A2A5F8C767,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119639Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.251{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0504DFC2CC99AA064509B419388A9376,SHA256=AD074B5C445C2A2A3BF61402646E27D5DA3778B32990D24A23AD7D6587681F9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119656Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:27.986{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EB228A332893D046BD6B5408E5D02267,SHA256=D94D229BE6CDBEEA06868A46E0930A9B3749215A1317BE2771F5562E38D82227,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119655Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:27.861{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7520686ADF5D60F22AE5A72F0698CDB,SHA256=4E68C94AC9848507B82411AD1B5AEF701EF59F84E9CDF193F8FB5854A7C96F83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136241Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:27.550{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FE4E2AFE71FB3B47A04E41A388E28B7,SHA256=4704BADE8B38377568DEDEF37952D79AF56925649983242808B9C7C559292CAF,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119654Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.682{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50526-false10.0.1.12-8000- 23542300x8000000000000000119657Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:28.861{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23E099895A34BB9CD8524DBF4D5EF2D9,SHA256=80DB9EF5E7C65BE6D4150D00671B33ECFA7F485F58889801D40D1F2B62FC4C42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136242Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:28.550{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50176E24A1E262B79CDC478383E6A69B,SHA256=C3D2AC7347A74B9934E6D5565BC1285DEFA6A62B74141DA7B0905269412E2828,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119658Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:29.862{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA8384B08ED37BDB903321A947AB6981,SHA256=52DC0D2DC11F2BB7807B0A12655BB9F416FA3A91FED78CBB42778FBA50FFD583,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136244Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:29.566{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90AE9031D5E74BE512795DB72B59512B,SHA256=7782993942CF40B67D5433BD4B291CFF85D8119614DD709EE0152EC9A2E86F7B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136243Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:26.582{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64535-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000119659Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:30.874{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D39E9C852608E5DB4CCF9562E3CB56DB,SHA256=E95E515315D357C603D5C670CA9394473DF36D586B26C0B69484561A33A2FD47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136245Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:30.571{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA8A2ADB998EF9B720DBCD9B2A27B1DF,SHA256=CD301B9BE73C39F1952B93F3B561536B5770E312F6F4A881BD5B681121B847F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119660Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:31.875{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=912A8038352F03D9595B025C5ECEFFFA,SHA256=C023243A5ACFECAB02777B499B499F5EB8E5D566C551281A0999AED225236606,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136259Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.587{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14E7916A344C7D61C81D8431DCC0A0DB,SHA256=4A2D3E9CC57F2D05FBA8BC390A4F8157CD5B30B90D741AE37148D71D4FF45BC8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136258Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-604B-615D-9F02-00000000FC01}1900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136257Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136256Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136255Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136254Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136253Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136252Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136251Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136250Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136249Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136248Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-604B-615D-9F02-00000000FC01}1900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136247Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-604B-615D-9F02-00000000FC01}1900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136246Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.228{6EDEAD03-604B-615D-9F02-00000000FC01}1900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119661Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:32.875{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FD131A5AD70B7F1CE7AEA2C4C674ACE,SHA256=D6421DE4909A025821900D7093D95ED37B3B080FD3A761D5228FCA97E01CD351,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136276Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.649{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C76DD68667003A0A5F1DBCB429380A41,SHA256=B7F00CDC524CF489E6044756235DB9F2710D4AF36264687555359B1C0D2D9CFD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136275Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.352{6EDEAD03-604C-615D-A002-00000000FC01}11604172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000136274Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.243{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D942CE626C5D184745FE627E846663B6,SHA256=677D0212CA18EC47570F83B97E9AD5A18743168FA8D4B29F89D9A37B4EE4F0B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136273Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.243{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=415F6BE8BA029614EFAC7C66222ED09B,SHA256=19780511647ED5DCDD84FD3D5AF77A3EAB2219015056C80B9B686901C84FC1D4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136272Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-604C-615D-A002-00000000FC01}1160C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136271Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136270Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136269Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136268Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136267Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136266Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136265Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136264Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136263Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136262Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-604C-615D-A002-00000000FC01}1160C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136261Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-604C-615D-A002-00000000FC01}1160C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136260Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.181{6EDEAD03-604C-615D-A002-00000000FC01}1160C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119662Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:33.875{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50AB40978B5D3E8417EE42CD780DEDB8,SHA256=D309C6E0C7F3A1F1ED71256CC66230BA58F367C117BF882E7F215C6AECF9AC32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136290Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.680{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E23D0FE7E3B292FCF3DBD258402F7423,SHA256=7208A840F7EFF04A2966E52C2768552760B7EB92DE88260F0F0836BF8957E1D1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136289Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-604D-615D-A102-00000000FC01}4276C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136288Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136287Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136286Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136285Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136284Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136283Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136282Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136281Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136280Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136279Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-604D-615D-A102-00000000FC01}4276C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136278Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-604D-615D-A102-00000000FC01}4276C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136277Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.353{6EDEAD03-604D-615D-A102-00000000FC01}4276C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119664Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:34.892{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B24677696FD995D7ADB2FCF7A9D7CC55,SHA256=4676D5E3BAB81A7A92D4AB03B58633E80242C612CF3E2AAB68EF775DC7B9DEB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136306Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.696{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0C5410A53F06C6AB64B614049BE654F,SHA256=5975E077240292F74607086854DE968D0F47BDAFFA92753E8A9BE8C3378589BA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119663Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:31.572{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50527-false10.0.1.12-8000- 10341000x8000000000000000136305Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.618{6EDEAD03-604E-615D-A202-00000000FC01}51404004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136304Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-604E-615D-A202-00000000FC01}5140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136303Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136302Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136301Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136300Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136299Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136298Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136297Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136296Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136295Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136294Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-604E-615D-A202-00000000FC01}5140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136293Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-604E-615D-A202-00000000FC01}5140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136292Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.478{6EDEAD03-604E-615D-A202-00000000FC01}5140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136291Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.399{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D942CE626C5D184745FE627E846663B6,SHA256=677D0212CA18EC47570F83B97E9AD5A18743168FA8D4B29F89D9A37B4EE4F0B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119665Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:35.906{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58A04CAA99737F728E65C3965B241744,SHA256=4B4B692425FEB44D478F849B510EBEAD8B59365D9235D13106F92071AF855F07,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136338Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-604F-615D-A402-00000000FC01}5736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136337Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136336Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136335Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136334Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136333Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136332Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136331Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136330Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136329Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136328Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-604F-615D-A402-00000000FC01}5736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136327Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-604F-615D-A402-00000000FC01}5736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136326Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.822{6EDEAD03-604F-615D-A402-00000000FC01}5736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136325Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.727{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1BB38A885451127E327B274C4761F91A,SHA256=6D872DDF3EB899EA8DBB1D1B16740EC6FCB6A69C0F6EDE55BEBC340BBDEB05F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136324Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.618{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6B0A3DD2D20FF95B131F19D7F9CA7652,SHA256=5EC6D2956AB78CE19FEEA914A490A189135D634D3B8AF94398BF4A0204E35318,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136323Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.744{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64537-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000136322Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.744{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64537-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000136321Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.478{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64536-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000136320Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.337{6EDEAD03-604F-615D-A302-00000000FC01}11084012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136319Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-604F-615D-A302-00000000FC01}1108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136318Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136317Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136316Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136315Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136314Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136313Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136312Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136311Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136310Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136309Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-604F-615D-A302-00000000FC01}1108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136308Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-604F-615D-A302-00000000FC01}1108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136307Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.150{6EDEAD03-604F-615D-A302-00000000FC01}1108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119666Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:36.922{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2692A4A61A8F75E35A56D56812F9A9B8,SHA256=AEC0BDA4EB0B139884CE84A14DE0B78B182E101825CE73377AF72F0B5AF67D36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136341Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:36.852{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=40194D3B545574C50A68A57269E4122C,SHA256=5A5DB7F223A21D36D9AD22086FFDF24ED14C13A8DDB367A224A3C9EA9543F1FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136340Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:36.743{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AFF5CB75CA656708230778C8986C0C0,SHA256=86210B0982A774DFC8F4F39947BEF53F1543B68781C93086A0040E976CBF439E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136339Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:36.009{6EDEAD03-604F-615D-A402-00000000FC01}57362212C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119667Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:37.937{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A31B43B5C0D8472F7A81FF6FCEB70123,SHA256=1F0D2C07E3AC99F035412C6A514129B4B0A9DBC8D63CFE7BF69B8B3572FC1139,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136355Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.774{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=901CA12EC7941AF675E5090895CDE9DC,SHA256=7489118AB57B90D076AFBBE88B5E7D439D3CAF50B0EC0A48728A553DEA60C4F2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136354Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6051-615D-A502-00000000FC01}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136353Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136352Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136351Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136350Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136349Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136348Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136347Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136346Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136345Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136344Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-6051-615D-A502-00000000FC01}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136343Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6051-615D-A502-00000000FC01}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136342Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.744{6EDEAD03-6051-615D-A502-00000000FC01}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119668Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:38.953{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=777FE8AF588690997D36129501680DF3,SHA256=D277712DC2A38DC42812BE3DD7E057E31B61A8BDAA3CBE0138F3C4FF6C25ABFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136357Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:38.805{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F6D1CBBB0B40F0D6260A0FE9D520167,SHA256=9A79AA6DB898F1CF7680EBBDA5C1B9CF1348788C4C0972E64DC80AD4DAA6E935,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136356Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:38.774{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FFDD820DCC562F73FF473A91D20EE15E,SHA256=82674D366A4007AC11924D39E409DFE521AFB27F57928FE83BF97CBFE3DE3D42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119670Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:39.968{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2D4BDCD0BDF173FFDB0CB29953D7171,SHA256=F044E7B56016F4D77AEAAC3C8FF9C36EE6442A47D7A460C2AD384A8A0B471D40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136359Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:39.837{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE2B2A32DE3EB36A5959EF885EDA6ED4,SHA256=EFD874D7160FE75F5DC908D4E16D3AD61B0B5F57DBEABB080EA9E4D6B37927ED,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119669Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:37.572{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50528-false10.0.1.12-8000- 354300x8000000000000000136358Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.494{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64538-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000119671Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:40.984{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D8778BF9614D50F7D9FF64E4653C801,SHA256=30BD79633D2AF573A9DAA7C4AB8FDEA3B20D5E189F4CBF73B75FFE33B68A7D5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136360Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:40.853{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=775CCB6C33F8F8229E62FC1609D6BBDA,SHA256=76323423BB2605117A814A9A258FC291F1CF3FD1C55D8D6262A9DBA17ED7FB33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136361Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:41.868{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46D79F896C1BA00103CF505A913C2AA5,SHA256=B4DDC44DEF062107CE1032405640E8226B5254907819EAA6F5660B8471F6FC80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136362Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:42.899{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6703826BAC4B7CD123DDD15F2B21914,SHA256=4AF1449C6AD98C5DC0C73A4FE93E030BD21EFA9A1AD3526367F41063FC77DDC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119672Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:41.999{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D60481E450E8A05D6E0D090DD0979C64,SHA256=BD5D530601ED4FC9D82CD612FF5055E28587A5971C71407AAC56EB0129C6C607,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136363Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:43.915{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=639DDCA6A1F9D2E85D400DA40ED7572C,SHA256=7E033B701B20B2B9376426752DD55A0BB10C8583716B15896DDB7DE6D4779662,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119673Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:43.003{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC1732DF922CC30DF8A0D7C69CED15C7,SHA256=54438B64366AB309A135D4AEBB9794EB086F97C52BA08DB6F786F00136FE2883,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136364Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:44.930{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FD9A75CA381AC334CA81C66BC47DBA4,SHA256=575A9AB7021A8F5BEA320012108538EEDB2CEA960CB2887483AF52B7D09BFBF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119675Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:44.218{49C67628-5044-615D-2200-00000000FD01}1580NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119674Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:44.015{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFE6987C99BD97D9FE988A34AB0D3E5B,SHA256=CD3B0E2FC6F69F047DD5CE85F0D1B19B9DE7E42602E35FACBB0E73A9EADE2BE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136366Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:45.946{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BFE7BDAD7A9C4FADDEA2E3505E80A62,SHA256=38C3EBC2457566B8363FE378E3CC63583ACBD7A3C12AA95317AB325EBBF39E96,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119677Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:42.603{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50529-false10.0.1.12-8000- 23542300x8000000000000000119676Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:45.031{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42595963CE39D51B367B5C0244EDE23C,SHA256=BA3BDF7E6CEEF1E055091E5B713F3392AC65C394655407EB8DB33BCE445799F3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136365Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:43.463{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64539-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136367Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:46.962{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D1414B869C44138A8D62687EC2E31403,SHA256=CFC3639A068CB8932BCB92625C8DA0C3D41652BCC96E43366236F7D37F2DFA18,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119679Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:43.728{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50530-false10.0.1.12-8089- 23542300x8000000000000000119678Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:46.046{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=051B5DF0A92785810A0A1507DB936C77,SHA256=19F3B14C820F73B4D7898F9CC64B6E6BDA45052B9FB6F81D33B3D586685FCE82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119680Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:47.062{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=779AC1CE9DBF5677EA41BABD3B991C4D,SHA256=C5EE8D17DCCC70C957F762AB76740C4041A3710A5E28EABBEE516415CB3CAC55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119681Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:48.077{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BED2DF33F6FEBD2400D6E6B4518A4977,SHA256=134CF6A1D61F1EE80EEDD511BCD0AD117E6957A78CFD4D70297CF9707FE80F34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136368Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:48.009{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F75049CEB905078323614E900EE6D55C,SHA256=322AFDF4837E0460CC34EC3FF23F5394A2B1E6101FA452B01ADD084495005F6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119682Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:49.093{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57F8C3CF61D1055046DDFB6AF148A6AC,SHA256=086812BEEF9FB94AC44FA13F05F9B6CD192744E6E15C44D8DBC955A66FB1D98D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136369Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:49.024{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75E522DE463345DE5590BAD0761A7773,SHA256=B9FC30882F71A25AE2C76959A57688FB969145034FD61FD4367FA77F805D3DE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136370Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:50.055{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71B6E49B35A9F6831086740FCFACB695,SHA256=E57570FAD2C4904DB9526F0176FBA58CE93B767C4AFD8AC6D512A9480104DFA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119683Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:50.104{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7404C7D89859467708ABDA575E68D8B5,SHA256=51A5E92D7CFD03AA60EEAA1BAA29EB329848FD650E5D7987345DD5704981AD42,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119685Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:48.618{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50531-false10.0.1.12-8000- 23542300x8000000000000000119684Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:51.104{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53A309930B2859C6BDC79F105828D78F,SHA256=02A2D2F0D1BC4607DB3F7A5FEC4C8902A9EDCDAF9ECEF45F9FF09C31FA16DFF9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136372Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:49.353{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64540-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136371Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:51.066{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=772369F48D5340586D913BDBBCFF82AD,SHA256=CCA936304191F71E6B6F60288522C9AFD53DDF19618E5E0060CFC40968AA80D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119687Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:52.388{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211006072910-066MD5=266A8C17E3E1B8A0B29A8C5E77CA200E,SHA256=01EFC44F32696762DC9319663F7889EF6AAFD7A8B30AE6A823FD17BD5EE43D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119686Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:52.105{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20817C26BA07BDC9D6739C0B80BEAEDB,SHA256=0D9A04B1506C22FDC3CB432CD3681D90E0835A8855394F5B356B9664FF51F80D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136373Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:52.067{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F7D065301604D2A2C24B7259547B071,SHA256=318523EA0DF4D33F4DFA28EC89812BFB1738880400869C2AD12096307B51749B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119689Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:53.402{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211006072908-067MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119688Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:53.119{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DC9F62E98FD062F475DD750C6E31EE1,SHA256=E7D8AFD63149B48A2E3368690927D916D804DD278611C3546A55AE1ADF0C95C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136374Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:53.113{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C32D3BB581253C2B6B9C28CA4572BF2A,SHA256=1BDF88DDDBFAE1CE2C14AED5816CD0AC5CABD081A0578E3709ADBA22126D20F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136375Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:54.145{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=023E2ADF577AB1487DB7F277AE2464E4,SHA256=FED6CF9221E246A292FC57A5754C9D037F77FC983269852F78461E9FD4B4D935,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119690Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:54.135{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0F53207FFA1D34E8C0ABF2A46BA91D4,SHA256=ABC90F2D7042EA40E0F3F80763ADA1AA9669621718304D71039EA9DD51902367,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136376Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:55.160{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2DC5AA593BD4C0B94C8BA578F89AFAE,SHA256=E81AD2F40EFD916D2CE362EE3755A66C0ADFF7085346FF907825F5221C5277BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119691Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:55.135{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6FBE246943F99AA408F7E68753082457,SHA256=7EB6E68AC62EE4EB30AC292826C7FD6BE4B2AC094B3DA35B25C6853AA691EE39,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119693Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:54.613{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50532-false10.0.1.12-8000- 23542300x8000000000000000119692Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:56.150{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3F3D2B5C544519D8D9419334FB80F9A,SHA256=7B7BDC8CBD0AD30D3F839A06C11E71A096E9BAAB1BBDD84B1B095BFE79F4D6A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136377Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:56.176{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=662F164E5AB37F07C12D7756CE42D4F0,SHA256=048046EDFDB2D9B78A831EE40A4A46396FB895F8CDAC4E37B72B56BD60AD2B96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119694Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:57.150{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9571DA0594FBB35F601A9ABCD889CE6A,SHA256=C751E184078B08DB59491EC2C25F886237B5E1EAC19AA7C2D458083598934340,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136379Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:54.521{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64541-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136378Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:57.191{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57D8143810C21A08055A3231F0C194FF,SHA256=C4D85428E4CC3B4EA56D0FEB9A0E2A7041DBEF9373C8658FE64DD28406596D47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136380Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:58.207{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89617EC2050D9E567F0ED5B8AC2AE59D,SHA256=752C64ACA9A9EF3FDA563053C31333068A8DC15B5B49651EA56FBB661633BF6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119695Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:58.166{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF8D513C7EC0C6944315E0017B28EB4D,SHA256=68B2BA7EB8CC42CB14BBD7ED973017391C4D9D6492289F1BDF4BACE53EC46707,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136381Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:59.270{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0649220231004713FF428C5D38CB2E4E,SHA256=519CD170F2F87C1C339FDAB95EC90DDA2F0E8E18D52A777EDCE139A6E8EC1F26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119696Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:59.181{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89D42DAB94B24AA22457CF30151BB762,SHA256=66E60781B97A4B7E94C8A789392F239399B85EAA375E06B64C6221FBC8783F2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119697Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:00.197{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF215F0083196F1073B5289DA764E2CB,SHA256=F78E647FF86B098D7772CD77616996C4A6DBDF989547A537FE9962FA09133CAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136382Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:00.301{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3F9F3ADBB1396956C797427EEFFB481,SHA256=B2225BC5ABDA5A9E2129C78CD6B2B506788A7124EC919319A515AFAFAB3D8B06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119698Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:01.212{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8871367CA2C85BC9FD0331C5B02E2869,SHA256=9A3301425E281640D1E377804EECFAA5315DA396F442AAB9E7751065146BA617,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136383Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:01.316{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EDC263D09B217B6DF0B6F43BC7F5F22,SHA256=7E8C8ABD4418123B0760D1C463246AF6D76439520AC2AAE3B588E0A6363B2B6D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136385Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:00.474{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64542-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136384Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:02.441{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2AE5A8B88AB13FA7CE4BE6998035BCD,SHA256=31C584E42D6DE5AB82E29853633265FD3D16F8BE12AA7CEF7F14F20D0A1C2BCA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119700Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:02.228{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1863A40206BB141F7F5C8EFDA9306C96,SHA256=302FE98140D75D7CF2A35548E5276F8F8B02C2CABE8E8CAAB91E1E6682DABD6B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119699Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:59.785{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50533-false10.0.1.12-8000- 23542300x8000000000000000136387Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:03.536{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22B397DB556F6A4DB2C511E9F975C4EF,SHA256=8FEFDE9C33A10C989AC082B71A0B3CFF1D2EC04341D35CF67BB6015F0E59D242,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119701Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:03.244{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=384A419D0E1A5324C44D2A8D2E352263,SHA256=B34DD21E44EEFDA2302137BA67AFFBDC7157FBA8C156DDD435CD447BD8C68214,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136386Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:03.117{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211006072921-066MD5=58D52BFFD80488B8005F7C319C2D4334,SHA256=B9D8441D1BC2ED8425146F5F211E2A21C477807F4E0B7EBAD9811C868FAB9279,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136389Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:04.582{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B78232B13F32DE25606CCEB1D3F5E1F,SHA256=88CB380036A8EC8963680728FADD0190251AF9F842FF2BB91873CDB61D23C4CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119702Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:04.244{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=057AA7F56FE2384A5C75A689F3F47FAB,SHA256=DF964740A394B36CD7EE593797FADE55719668B2119E31346E0B4C18D65B4F34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136388Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:04.131{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211006072919-067MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136390Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:05.694{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0BE4B84F591482AA43D98D6098E4D5FE,SHA256=11FD23A4B446ABCA94D2EA742B611719A9EE3E2AE8F3C9308254A0E3FF154B14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119703Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:05.259{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=745C64B352BC4162E2EDF772BC56F076,SHA256=DDE42DA2352BDC55F45027DF0A3B83199B203DD0A1967FAB15BF823FD5EA4497,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136391Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:06.756{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=197D780FAEC694FC358E8B31A379096C,SHA256=D125E5741BF0D2F2F7440FDEB96481228402952EEE94CB3EA7B971CF961C273A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119704Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:06.275{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B523D5048D5123BF47CA6388870955CD,SHA256=7A31D2C40A2A63D62BD603175A650BE1D2344F2DB24518535EA982717A37D917,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136393Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:07.819{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91B72858FA9DFD7906F17BCA38B4F1CF,SHA256=9888FA930CFC2751D7F75E8BE05B65EC8AE0269E6C788C7306ED861B040BC8BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119705Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:07.290{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8239E709DEF67E0C929A3B2062570BB2,SHA256=88DFEB67C74ED5470E778FE94D8453CBEDACE4969D7E5E149886285EAD22B16B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136392Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:07.022{6EDEAD03-5041-615D-1100-00000000FC01}380NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=DDB30D6156BFA8289C66C64E16439C61,SHA256=713F974A02FD14EBA4392094D27FCA9F43D7C32DC2BA2118129C209C814B4EDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136395Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:08.850{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5A74360F7C47C473AA6B5C15E7F6928,SHA256=32A5A141659D34C05A556E7A8C385EF68D29C248FED86F24E382CE67EA9E5F68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119708Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:08.743{49C67628-5043-615D-1200-00000000FD01}1012NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=D505FDB1A9BB8DBBB8221DED957401FA,SHA256=B7268173C0C85C31DA61393581EB419729D49B5B3FFC6E3AEC55FC6D5148AF30,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119707Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:05.675{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50534-false10.0.1.12-8000- 23542300x8000000000000000119706Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:08.306{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A12553CA0600401D97C8B8153451066C,SHA256=AC26857B13B5EED06B5218485E5DBD3B99396F9997C1D5DC0CE866937493A8C1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136394Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:06.507{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64543-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136396Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:09.881{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F53946E98549AF6E3D3655132774E1C7,SHA256=5F316DF550A1522289A980D9ED8E42499B3E13D8A84C01D6486CCD4D40528AF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119709Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:09.306{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65AA29C5E59362E3408507766992D375,SHA256=AB42DF3F9B10969D06B280282E26E10BB0DCD521DD0C55C6063A9DAC788382BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136397Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:10.912{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6D482A5F470441938DAB41F065CB456,SHA256=DEA169F04C76F6614C8B17C7344AFD1D766EA518F34653C490EBC56DE4AC889E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119710Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:10.308{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20D7AB37B06320B2F214024E3A26DE7E,SHA256=210194D85F49731B4C6FCC1AF73E4A52FC92F806B80249038C0D5F6C144D92A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136398Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:11.959{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F7FD49E3CB0E2A619A7C6EB4A480786,SHA256=CC46FD744852E9291410A5B862EDB46DE3FE780892D4B38D6A339BD2809C1933,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119711Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:11.308{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9ACCCF0D41D32607FFAB8998CBEB1F5,SHA256=ACA53464DE2C809804A76886675561024E8F971071518C4767213E8999D25EA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136399Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:12.975{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C93336FAA463041C01E55EAA1B7ED032,SHA256=A1CC2D91A0058FE47898128B946E5F937AA8B753523177725AED88814970DBA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119712Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:12.324{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC63FC8C475F30862E5BF8CF8A4C6543,SHA256=3181C4981243BF465F0F80D6001806ED19CE18F7E17E063FCA53544E88CCD1A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119714Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:13.339{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A035AFA8E966DFF9E56543823BE6EC2D,SHA256=39F206799ADB3D2FD73F5EE8D8F067816FFF7ED8659482B0968F2FE3ACA95A58,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119713Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:10.724{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50535-false10.0.1.12-8000- 23542300x8000000000000000119715Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:14.355{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DC9182B4CFFEF876A56C7D1015865E2,SHA256=3AF2CCF281767CD2C96C344885435BE4900FB20C95D5D879F1E373AED843DA84,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136401Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:12.397{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64544-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136400Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:14.006{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=972B03C79893660B14075CD91055B480,SHA256=AD9EA07CF3476A184EB66F170AF6575FF28AA55744125D01B5D759904E3D9BD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119716Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:15.371{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEEA8C0AB46AB9476D9D1ED60D8129D7,SHA256=237B69500EE2D7CB9FDE3588E7B94E921C888FA815865565CBCE0C76EF9C02A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136402Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:15.021{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C068ADFA9606C5DA77A37F2D19D3E5E,SHA256=8806EABEBC36FEC028889E7D36685FC6670B83812BAF6B0B1EC42C8AB265D341,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119717Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:16.386{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=189CB06497EB2C81232AB32C7AE8DB86,SHA256=50B1BE39B4F79487DBACAA0940E1B437723951045AD7F2B24A132E368830AEF1,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000136413Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000136412Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x003ff71f) 13241300x8000000000000000136411Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7ba85-0x1ff3ac7c) 13241300x8000000000000000136410Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7ba8d-0x81b8147c) 13241300x8000000000000000136409Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7ba95-0xe37c7c7c) 13241300x8000000000000000136408Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000136407Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x003ff71f) 13241300x8000000000000000136406Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7ba85-0x1ff3ac7c) 13241300x8000000000000000136405Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7ba8d-0x81b8147c) 13241300x8000000000000000136404Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7ba95-0xe37c7c7c) 23542300x8000000000000000136403Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:16.115{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B031AF64C5031A978051A1F82B592DB2,SHA256=1194735589A836C1618722DFD7BB3B812FF483CFB451A494619424F987934AF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119718Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:17.402{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=122BDB6048CE936B51DD1D9F0B484353,SHA256=BF686C28794BB4DB5003C5B71BB0AEC4382AD715975118D191C1045F8459CE48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136414Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:17.131{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41DCEA96759FF7F4F6F54616698F4F08,SHA256=5715E03D36741F3EB822302B88697D1ED42FB848C1662E3DCD1856266E38FA33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136416Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:18.865{6EDEAD03-504E-615D-3000-00000000FC01}2448NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136415Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:18.146{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED65C8671035379FD60B774CED5EADF1,SHA256=222BBF8EF8D4A36D855480367701FDDA4D8E8859197A4E34349961A5B71F6C90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119719Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:18.417{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0510FE01DAC4F1CFC4712E45B5A57907,SHA256=220C14C86D82B9FBA4BABF2BEC24A8C6DDF1AE0F4C9261ACB3C97572992C690C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119721Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:16.771{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50536-false10.0.1.12-8000- 23542300x8000000000000000119720Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:19.433{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1A8E1AB034888B97D5E74EE9223B5E7,SHA256=257C8FC6B5546318AA316F054C456A925FA79F13C03C7628AD5334A903706DC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136417Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:19.162{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=209864515AA53BE903084BD9EA60915D,SHA256=40E53E6B9F3F9B852D4624CD99D302341C60D3A73D5405D9EA2A0BF8D5FEB175,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119749Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-607C-615D-7A02-00000000FD01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119748Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119747Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119746Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119745Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119744Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119743Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119742Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119741Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119740Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119739Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-607C-615D-7A02-00000000FD01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119738Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-607C-615D-7A02-00000000FD01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119737Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.949{49C67628-607C-615D-7A02-00000000FD01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000119736Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.448{49C67628-607C-615D-7902-00000000FD01}28684008C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119735Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.448{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6AC57169A1133924B0BCFD1EA847B5D3,SHA256=91536D21C37B7BD8F70889129F8C6E1E58A742F57104E9719F9F9BF6CFAE4A05,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136420Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:18.397{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64546-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000136419Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:18.179{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64545-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000136418Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:20.178{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C05D9AD897046F90B0CB27C19A3F23BF,SHA256=1325DADA2FAEA43A58C17CF530E4B45EFF30728C96E20D480DE878BBDEEBBACA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119734Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-607C-615D-7902-00000000FD01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119733Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119732Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119731Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119730Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119729Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119728Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119727Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119726Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119725Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119724Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-607C-615D-7902-00000000FD01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119723Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-607C-615D-7902-00000000FD01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119722Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.277{49C67628-607C-615D-7902-00000000FD01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119752Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:21.464{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E50F09E665A28E9390CA953EB992D2FE,SHA256=1C46EBA0F499B00D5C070285A9FE0245091683E1173731FE99356E68ACD1C633,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136421Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:21.193{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83575230AF7518533858D29B662D1B8A,SHA256=8C4D872B0FBF55AFE5F633909A6A3EEBB9EE62FEFB2576C6D80887A545DFF586,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119751Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:21.308{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=37559A5C91F12B67452EF7387538DBB1,SHA256=345B0E73C6D5A31EAD1A1139D9449B655AB2A33F47FF05FD9727CA733F54B294,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119750Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:21.308{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6AEEB6021BA2100CAD6609BA64FEB289,SHA256=3735D3D8D3C9638000DD63B8C81281D2E7559D4D94EE76451D567518692E841E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136422Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:22.209{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40F85D5496B92729325BA7ABB316528A,SHA256=CFD0162EFD8DB4A80EB156EBECEB6386EF540F21B6233BC8F3A3E5850C1C63B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119766Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.480{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD8F5BD36DD98A303CE8304CB95E3589,SHA256=5AC0BD49538EC4F545C6DF633DAF21E129F4CD16C72765C5BB531871BBA3AEF0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119765Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-607E-615D-7B02-00000000FD01}2628C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119764Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119763Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119762Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119761Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119760Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119759Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119758Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119757Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119756Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119755Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-607E-615D-7B02-00000000FD01}2628C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119754Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-607E-615D-7B02-00000000FD01}2628C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119753Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.277{49C67628-607E-615D-7B02-00000000FD01}2628C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000119782Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.511{49C67628-607F-615D-7C02-00000000FD01}6763244C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119781Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.495{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9640E4876DD639A41C84F3BB443437E8,SHA256=5C4E6F42EF100B9F84A92AD602702354DFD52EA6A959AE1B7C05F00BF01CEBA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119780Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.495{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=37559A5C91F12B67452EF7387538DBB1,SHA256=345B0E73C6D5A31EAD1A1139D9449B655AB2A33F47FF05FD9727CA733F54B294,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136423Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:23.209{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78CC553421EB49E6A0BB3D0B37CF7A7A,SHA256=26E341E15E67DEB6E9C53FE0A0A0202B2CCAF1FE9BB416CBC241EA25A02DA273,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119779Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-607F-615D-7C02-00000000FD01}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119778Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119777Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119776Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119775Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119774Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119773Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119772Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119771Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119770Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119769Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-607F-615D-7C02-00000000FD01}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119768Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-607F-615D-7C02-00000000FD01}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119767Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.371{49C67628-607F-615D-7C02-00000000FD01}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000119797Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.558{49C67628-6080-615D-7D02-00000000FD01}26002560C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119796Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.511{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB5EBA1385A9E355280471D2382A32B6,SHA256=A8CDEAFC9E9E9F8A936D5E179300D5009B77F14E99715DCE15CF8B9EEF38CA20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136424Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:24.224{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6B6B09EF87A88538CB954E2E6B36B00,SHA256=F669AA85E7C9A68E50FD68A334ABEC2D8D706B34891695ED3C7DE474441AB9AF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119795Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6080-615D-7D02-00000000FD01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119794Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119793Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119792Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119791Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119790Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119789Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119788Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119787Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119786Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119785Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6080-615D-7D02-00000000FD01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119784Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6080-615D-7D02-00000000FD01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119783Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.433{49C67628-6080-615D-7D02-00000000FD01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119814Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.526{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41D6C0B0AF227394D11AD5F319503696,SHA256=43A849137D1239D1F6E6B5F7B87EC7AFBD25B5D753370FAEDF1C726F3473E9F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119813Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.526{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86090174085BDEA621AFF6517D806C73,SHA256=5A6B7397F958DEAF534CF22B50211E1081CB23C926954967E57F2ECEA5BEF50C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136425Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:25.224{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40BBC4E51E0E8E3A30F9944B2DF6D874,SHA256=D35E02CA7E4A4A8D608F5B635A862E2B4AB428D05E31F6C941E63D0D8540C8CD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119812Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.245{49C67628-6081-615D-7E02-00000000FD01}908372C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000119811Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.598{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50537-false10.0.1.12-8000- 10341000x8000000000000000119810Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6081-615D-7E02-00000000FD01}908C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119809Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119808Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119807Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119806Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119805Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119804Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119803Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119802Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119801Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119800Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6081-615D-7E02-00000000FD01}908C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119799Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6081-615D-7E02-00000000FD01}908C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119798Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.105{49C67628-6081-615D-7E02-00000000FD01}908C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000136427Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:23.522{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64547-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136426Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:26.240{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4F55E9A93BCACDD25D6D74815C95A59,SHA256=2E010A50EC7BB91ABE526549B947DF4A9B093A315A4F10984AC33FD3B00AD58D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119828Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6082-615D-7F02-00000000FD01}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119827Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119826Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119825Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119824Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119823Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119822Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119821Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119820Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119819Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119818Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-6082-615D-7F02-00000000FD01}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119817Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6082-615D-7F02-00000000FD01}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119816Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.980{49C67628-6082-615D-7F02-00000000FD01}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119815Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.542{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB389CDA6D5B3BAA9F1C8A284C3942C0,SHA256=4650EDEFAB00D24B91BCBCAD47F8E370D98D740C2B6C8A1FFD7543DFC4D27AD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119829Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:27.557{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B11263F83EA13F7FEDD7F2C1F598EA8,SHA256=601325F2518191923AD80AC14C5C0EC54C27A5655776900C7546CC883C903F62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136428Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:27.240{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=327D2B588F9257F92ED61A83FD5FA43C,SHA256=5CA095808E9BCB6D76D914853238E1E7A8914046AC39184A1524256BAEC50A76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119831Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:28.573{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3724BAE7FDF636BD248F7EE5D83076A5,SHA256=FD4CA73055EC9B0695ADD5F61F80EA486DA609706B14F61C7B9BF6DA4AC676F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136429Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:28.240{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89FDA4776C5399F91BCC21C165DC1985,SHA256=14CCBF8A5818EB31352E035C2D92F4D703A73914607E1552D96017F092D2B04D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119830Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:28.042{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7278BC51883CAB33742C2B582FDF0135,SHA256=235B7F322C4C4E1526FCD9BB2A1E413A55DABE5065C1165DF82F35968BA2D22C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119833Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:27.708{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50538-false10.0.1.12-8000- 23542300x8000000000000000119832Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:29.588{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=523328BB1C0F32F4C78DB128261B5F62,SHA256=0607FA2DAB2E79BC0F9CE54CD5168A82AC3DDAC43B043AE100F93B24D89D490F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136430Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:29.256{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6EFDCC2A395F897F4E353D60A1F5D85,SHA256=86B484807B3B7A07D1254D29E4ED224E598C6480B4B9CDB1CF42597ADAA388CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119834Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:30.598{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D2B5FC67A57E11209A5AAABE064DC4D,SHA256=8BFCF40733F6EC1EB0791847072594A79CD88D4ABC9E9BC223A907F72D23DD0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136431Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:30.264{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=926CA05CE338C9F8B1A80887C82E2D02,SHA256=427E59BDF6FFBBD5177E6597FF8DF357645C67E12143289F5DE3C269620EB30B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119835Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:31.614{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14FFE82D40D7F85500114C847EE7E34F,SHA256=EB95A00D27154FBF256C061F49D8BE18B1B36A66B304D7314980F8BD392DEBC4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136605Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.968{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136604Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.968{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136603Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.968{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136602Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.968{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000136601Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.968{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24A27FCB6A62D2AC8BC55B5DA081F5FF,SHA256=10604A52122A2001117A2ACDD343808A84B16133E0CD38B071B466CB52E121DA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136600Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.952{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1700-00000000FC01}1448C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6a63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136599Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.952{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+6260e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136598Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.952{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+625bd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000136597Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:31.952{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136596Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.952{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+157b1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136595Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.952{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+1f3a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136594Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.952{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1439d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000136593Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:31.936{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 18141800x8000000000000000136592Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136591Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+6260e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136590Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+625bd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000136589Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 17141700x8000000000000000136588Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136587Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136586Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136585Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2600-00000000FC01}2796C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136584Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136583Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136582Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0F00-00000000FC01}1045684C:\Windows\System32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\termsrv.dll+a1087|c:\windows\system32\termsrv.dll+6a73d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136581Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136580Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136579Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136578Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136577Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136576Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-1600-00000000FC01}12921916C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x147aC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\themeservice.dll+3de3|c:\windows\system32\themeservice.dll+26c0|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136575Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136574Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136573Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136572Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136571Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136570Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136569Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+796b|c:\windows\system32\lsm.dll+396a|c:\windows\system32\SYSNTFY.dll+1fc3|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49e78|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136568Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\SYSNTFY.dll+1ad9|C:\Windows\System32\RPCRT4.dll+48674|C:\Windows\System32\RPCRT4.dll+31850|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136567Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\SYSNTFY.dll+1ad9|C:\Windows\System32\RPCRT4.dll+48674|C:\Windows\System32\RPCRT4.dll+31850|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136566Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-1600-00000000FC01}12921916C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\SYSNTFY.dll+1ad9|C:\Windows\System32\RPCRT4.dll+48674|C:\Windows\System32\RPCRT4.dll+31850|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000136565Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:29.350{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64548-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136564Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.827{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14A9AEF309DC80A708A187BE5B68FE8B,SHA256=6A57329C958F30CB20CC24B059D7E5BC229641E6AB1170092BBC8FDB114C1C93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136563Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.780{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=3DD8E6D1F032F4ABD4E9265E2B5B0480,SHA256=C8B1EC6486F168D25DA6FD189F3B3C4160FC805068C985C44F91AE21A8F82244,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136562Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.780{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B621057F00F8DCCBE196398D66BE784C,SHA256=CC43CA26B286BA7A5DA92B2017892BEFF87CC3284BDDCBB0E01F84525345F4D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136561Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.764{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=C919154E373630B84F7AA2402FF3FDAA,SHA256=BC4D53E8EF966D19FA82C056A1C7588D5C6F9EEC19FDF149A20C371C62F531B8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136560Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.686{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136559Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.686{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136558Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.670{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\system32\dwm.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136557Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.608{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136556Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.561{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136555Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.561{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136554Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.561{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136553Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.561{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136552Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.561{6EDEAD03-5041-615D-1600-00000000FC01}12921916C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136551Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.561{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\system32\dwm.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136550Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.514{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136549Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.514{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136548Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.514{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136547Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.514{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136546Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.514{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136545Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.514{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136544Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.514{6EDEAD03-6087-615D-AA02-00000000FC01}52765336C:\Windows\system32\LogonUI.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\logoncontroller.dll+2eef5|C:\Windows\System32\RPCRT4.dll+48674|C:\Windows\System32\RPCRT4.dll+31850|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136543Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136542Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136541Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136540Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136539Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136538Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136537Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136536Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136535Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136534Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-6087-615D-A702-00000000FC01}45206072C:\Windows\system32\csrss.exe{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136533Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-6087-615D-A802-00000000FC01}26801264C:\Windows\system32\winlogon.exe{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\SYSTEM32\dwminit.dll+2d11|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136532Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.506{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\System32\dwm.exe10.0.14393.0 (rs1_release.160715-1616)Desktop Window ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationdwm.exe"dwm.exe"C:\Windows\system32\Window Manager\DWM-3{6EDEAD03-6087-615D-0575-1D0000000000}0x1d75053SystemMD5=C89F159A577F19F7F03C73C98D29D841,SHA256=B3E37997C1C62DD90D69EF83D6A6FC782BF9A5B8AD04A0D1528A8B7FA31AA408,IMPHASH=DDB7DE3741333EE031929A760FCD4542{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\System32\winlogon.exewinlogon.exe 10341000x8000000000000000136531Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d7e|C:\Windows\system32\lsasrv.dll+1d1c8|C:\Windows\system32\lsasrv.dll+1c3f1|C:\Windows\system32\lsasrv.dll+1b140|C:\Windows\system32\lsasrv.dll+2704b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136530Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d7e|C:\Windows\system32\lsasrv.dll+1d1c8|C:\Windows\system32\lsasrv.dll+1c3f1|C:\Windows\system32\lsasrv.dll+1ac10|C:\Windows\system32\lsasrv.dll+2704b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136529Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d7e|C:\Windows\system32\lsasrv.dll+195f6|C:\Windows\system32\lsasrv.dll+1ab9f|C:\Windows\system32\lsasrv.dll+2704b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136528Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.467{6EDEAD03-5041-615D-1600-00000000FC01}12921916C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136527Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.467{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136526Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.452{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136525Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.452{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136524Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136523Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136522Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136521Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136520Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136519Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136518Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136517Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136516Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136515Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-6087-615D-A702-00000000FC01}45205264C:\Windows\system32\csrss.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136514Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-6087-615D-A802-00000000FC01}26806108C:\Windows\system32\winlogon.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\winlogon.exe+193b7|C:\Windows\system32\winlogon.exe+22617|C:\Windows\system32\winlogon.exe+2b287|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136513Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136512Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.439{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\System32\LogonUI.exe10.0.14393.0 (rs1_release.160715-1616)Windows Logon User Interface HostMicrosoft® Windows® Operating SystemMicrosoft Corporationlogonui.exe"LogonUI.exe" /flags:0x2 /state0:0xa3a0f855 /state1:0x41c64e6dC:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e73SystemMD5=B38DFCF985D8AE5B1A17C264981E61C7,SHA256=AA62D29803D52EC06CD27ED3124E034048F09606EB7342181913C9817C7B44C5,IMPHASH=A6F3A84D171E55B51A7343E05C8DFAC3{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\System32\winlogon.exewinlogon.exe 10341000x8000000000000000136511Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a16d|C:\Windows\system32\lsasrv.dll+2704b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136510Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136509Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136508Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.420{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136507Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.420{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136506Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.420{6EDEAD03-5041-615D-1600-00000000FC01}12921916C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136505Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.405{6EDEAD03-5041-615D-1600-00000000FC01}12921916C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+4689|c:\windows\system32\themeservice.dll+3fdd|c:\windows\system32\themeservice.dll+3c53|c:\windows\system32\themeservice.dll+2675|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136504Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.405{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136503Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.389{6EDEAD03-5041-615D-1600-00000000FC01}12921916C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x147aC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\themeservice.dll+3de3|c:\windows\system32\themeservice.dll+26c0|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136502Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.389{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136501Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.295{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136500Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.295{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136499Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.295{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136498Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.295{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136497Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.295{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136496Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.295{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136495Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.295{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136494Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.280{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136493Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.265{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136492Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.248{6EDEAD03-6087-615D-A702-00000000FC01}45205260C:\Windows\system32\csrss.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\winsrv.DLL+1ef0|C:\Windows\system32\winsrv.DLL+17e9|C:\Windows\system32\winsrv.DLL+1579|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136491Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.233{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6087-615D-A902-00000000FC01}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136490Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.233{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-6087-615D-A902-00000000FC01}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136489Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.233{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6087-615D-A902-00000000FC01}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136488Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.234{6EDEAD03-6087-615D-A902-00000000FC01}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x8000000000000000136487Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\NextInstanceDWORD (0x00000002) 13241300x8000000000000000136486Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\CountDWORD (0x00000002) 13241300x8000000000000000136485Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Mouse0 13241300x8000000000000000136484Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000002) 13241300x8000000000000000136483Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000002) 13241300x8000000000000000136482Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Mouse0 13241300x8000000000000000136481Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\NextInstanceDWORD (0x00000002) 13241300x8000000000000000136480Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\CountDWORD (0x00000002) 13241300x8000000000000000136479Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Keyboard0 13241300x8000000000000000136478Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000001) 13241300x8000000000000000136477Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000001) 13241300x8000000000000000136476Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\0TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Keyboard0 10341000x8000000000000000136475Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.217{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+796b|c:\windows\system32\lsm.dll+2387f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136474Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.217{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+2380c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136473Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.217{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+237c4|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136472Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136471Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136470Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136469Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136468Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136467Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136466Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136465Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136464Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136463Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136462Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A702-00000000FC01}4520C:\Windows\system32\csrss.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+1ac1c|c:\windows\system32\lsm.dll+22cc9|c:\windows\system32\lsm.dll+bcaf|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000136461Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+1abf6|c:\windows\system32\lsm.dll+22cc9|c:\windows\system32\lsm.dll+bcaf|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000136460Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+1abdc|c:\windows\system32\lsm.dll+22cc9|c:\windows\system32\lsm.dll+bcaf|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000136459Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-6087-615D-A602-00000000FC01}55566092C:\Windows\System32\smss.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\SYSTEM32\ntdll.dll+8c63e|C:\Windows\SYSTEM32\ntdll.dll+8c3e9|\SystemRoot\System32\smss.exe+2795|\SystemRoot\System32\smss.exe+2042|\SystemRoot\System32\smss.exe+1d5e|\SystemRoot\System32\smss.exe+1b09|\SystemRoot\System32\smss.exe+14cb|\SystemRoot\System32\smss.exe+130f|\SystemRoot\System32\smss.exe+1096|C:\Windows\SYSTEM32\ntdll.dll+5178f 154100x8000000000000000136458Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.188{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\System32\winlogon.exe10.0.14393.3204 (rs1_release.190830-1500)Windows Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWINLOGON.EXEwinlogon.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e73SystemMD5=DEA4CE12F24601830083126E18A2C7C9,SHA256=F002F8C2EA49D21F242996E3D57F5FDD7995FE6DB524BB69BBD7F190CC0211A9,IMPHASH=3CF10D94C117DB4F6E9D523B93429D6D{6EDEAD03-6087-615D-A602-00000000FC01}5556C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000013c 0000007c 10341000x8000000000000000136457Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.186{6EDEAD03-5024-615D-0200-00000000FC01}2964852C:\Windows\System32\smss.exe{6EDEAD03-6087-615D-A702-00000000FC01}4520C:\Windows\system32\csrss.exe0x101441C:\Windows\SYSTEM32\ntdll.dll+a6cc4|\SystemRoot\System32\smss.exe+3fee|\SystemRoot\System32\smss.exe+3b53|C:\Windows\SYSTEM32\ntdll.dll+1d3f1|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136456Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.170{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A702-00000000FC01}4520C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+1a7a4|c:\windows\system32\lsm.dll+1aa31|C:\Windows\SYSTEM32\ntdll.dll+1d3f1|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136455Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136454Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136453Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136452Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136451Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136450Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136449Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136448Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136447Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136446Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-6087-615D-A602-00000000FC01}55566092C:\Windows\System32\smss.exe{6EDEAD03-6087-615D-A702-00000000FC01}4520C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\SYSTEM32\ntdll.dll+8c63e|C:\Windows\SYSTEM32\ntdll.dll+8c3e9|\SystemRoot\System32\smss.exe+2795|\SystemRoot\System32\smss.exe+1ee4|\SystemRoot\System32\smss.exe+20a1|\SystemRoot\System32\smss.exe+1c92|\SystemRoot\System32\smss.exe+1af6|\SystemRoot\System32\smss.exe+14cb|\SystemRoot\System32\smss.exe+130f|\SystemRoot\System32\smss.exe+1096|C:\Windows\SYSTEM32\ntdll.dll+5178f 154100x8000000000000000136445Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.163{6EDEAD03-6087-615D-A702-00000000FC01}4520C:\Windows\System32\csrss.exe10.0.14393.2969 (rs1_release.190503-1820)Client Server Runtime ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationCSRSS.Exe%%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e73SystemMD5=955E9227AA30A08B7465C109B863B886,SHA256=D896480BC8523FAD3AE152C81A2B572022C3778A34A6D85E089D150A68E9165E,IMPHASH=273BC9D936389D79244E6E56BE5096B6{6EDEAD03-6087-615D-A602-00000000FC01}5556C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000013c 0000007c 10341000x8000000000000000136444Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-1300-00000000FC01}9321936C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136443Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5024-615D-0200-00000000FC01}2964852C:\Windows\System32\smss.exe{6EDEAD03-6087-615D-A602-00000000FC01}5556C:\Windows\System32\smss.exe0x101441C:\Windows\SYSTEM32\ntdll.dll+a6cc4|\SystemRoot\System32\smss.exe+3fee|\SystemRoot\System32\smss.exe+3b53|C:\Windows\SYSTEM32\ntdll.dll+1d3f1|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136442Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136441Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136440Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136439Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136438Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136437Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136436Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136435Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136434Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136433Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.139{6EDEAD03-5024-615D-0200-00000000FC01}296304C:\Windows\System32\smss.exe{6EDEAD03-6087-615D-A602-00000000FC01}5556C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\SYSTEM32\ntdll.dll+8c63e|C:\Windows\SYSTEM32\ntdll.dll+8c3e9|\SystemRoot\System32\smss.exe+2795|\SystemRoot\System32\smss.exe+2042|\SystemRoot\System32\smss.exe+36ee|\SystemRoot\System32\smss.exe+3c31|C:\Windows\SYSTEM32\ntdll.dll+1d3f1|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\ntdll.dll+5178f 154100x8000000000000000136432Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.152{6EDEAD03-6087-615D-A602-00000000FC01}5556C:\Windows\System32\smss.exe10.0.14393.2969 (rs1_release.190503-1820)Windows Session ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationsmss.exe\SystemRoot\System32\smss.exe 0000013c 0000007c C:\Windows\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e73SystemMD5=725EC50D4B0F607BF5B45B5E0115770B,SHA256=56881BCAEAC350107A6453F38F020FE0E284DBE2E8A6F37ED482985E0DD98EA7,IMPHASH=09DDECA5943933973FE7DDDD24ED724A{6EDEAD03-5024-615D-0200-00000000FC01}296C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 23542300x8000000000000000119836Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:32.630{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5BF3ADACEFF983A5BAEA0E7A5D6FF92,SHA256=F32A05FCFE8A1916A0856609DD5CE1A67BC1D0F209CE1E76981BF695CC7C31AA,IMPHASH=00000000000000000000000000000000falsetrue 18141800x8000000000000000136852Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:32.983{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 18141800x8000000000000000136851Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:32.983{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136850Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.967{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-538E-615D-FE00-00000000FC01}2316C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136849Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.967{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-538E-615D-FE00-00000000FC01}2316C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136848Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.967{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136847Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.967{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136846Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.967{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136845Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.967{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136844Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.967{6EDEAD03-538E-615D-FD00-00000000FC01}1001332C:\Windows\system32\csrss.exe{6EDEAD03-6088-615D-AF02-00000000FC01}5816C:\Windows\system32\atbroker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136843Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.967{6EDEAD03-538E-615D-FE00-00000000FC01}2316340C:\Windows\system32\winlogon.exe{6EDEAD03-6088-615D-AF02-00000000FC01}5816C:\Windows\system32\atbroker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\winlogon.exe+15b13|C:\Windows\system32\winlogon.exe+3b284|C:\Windows\system32\winlogon.exe+38b7a|C:\Windows\system32\winlogon.exe+44b92|C:\Windows\system32\winlogon.exe+b12f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136842Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.969{6EDEAD03-6088-615D-AF02-00000000FC01}5816C:\Windows\System32\AtBroker.exe10.0.14393.0 (rs1_release.160715-1616)Windows Assistive Technology ManagerMicrosoft® Windows® Operating SystemMicrosoft CorporationATBroker.exeatbroker.exeC:\Windows\system32\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372HighMD5=8507D8A98EFA12F285A504DAEF14A0A5,SHA256=A84417EE9D039891AF43B267896DB921A40838D8A17CC1BE29785D031E5944D4,IMPHASH=9E9F046950193A8BA7AB446E4274C9D6{6EDEAD03-538E-615D-FE00-00000000FC01}2316C:\Windows\System32\winlogon.exewinlogon.exe 10341000x8000000000000000136841Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.952{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136840Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.952{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+796b|c:\windows\system32\lsm.dll+2b2a|c:\windows\system32\SYSNTFY.dll+15cd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49e78|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136839Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.952{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\SYSNTFY.dll+1ad9|C:\Windows\System32\RPCRT4.dll+48674|C:\Windows\System32\RPCRT4.dll+31850|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136838Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.952{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136837Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.952{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+6260e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136836Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.952{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+625bd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000136835Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:32.952{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136834Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136833Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000136832Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136831Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136830Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136829Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136828Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136827Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136826Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136825Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136824Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136823Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136822Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136821Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136820Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136819Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136818Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136817Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|c:\windows\system32\lsm.dll+23fc9|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+82744|C:\Windows\SYSTEM32\ntdll.dll+1e892|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136816Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136815Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136814Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23fc1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+82744|C:\Windows\SYSTEM32\ntdll.dll+1e892|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136813Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136812Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8284500C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136811Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-538E-615D-FD00-00000000FC01}1001332C:\Windows\system32\csrss.exe{6EDEAD03-6088-615D-AE02-00000000FC01}5648C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136810Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136809Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|c:\windows\system32\lsm.dll+23fc9|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136808Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136807Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23fc1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136806Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+5b40|c:\windows\system32\lsm.dll+2de4|c:\windows\system32\lsm.dll+57af|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000136805Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136804Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+796b|c:\windows\system32\lsm.dll+2dce|c:\windows\system32\lsm.dll+57af|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136803Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136802Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+5b40|c:\windows\system32\lsm.dll+5f9d|c:\windows\system32\lsm.dll+57a4|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136801Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000136800Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136799Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136798Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136797Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136796Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+6260e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136795Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+625bd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000136794Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 17141700x8000000000000000136793Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136792Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136791Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136790Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136789Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136788Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136787Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136786Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-6088-615D-AE02-00000000FC01}5648C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136785Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136784Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0F00-00000000FC01}104844C:\Windows\System32\svchost.exe{6EDEAD03-6088-615D-AE02-00000000FC01}5648C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\termsrv.dll+47f71|c:\windows\system32\termsrv.dll+549f2|c:\windows\system32\termsrv.dll+22ee6|c:\windows\system32\termsrv.dll+22763|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 154100x8000000000000000136783Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.927{6EDEAD03-6088-615D-AE02-00000000FC01}5648C:\Windows\System32\rdpclip.exe10.0.14393.3503 (rs1_release.200131-0410)RDP Clipboard MonitorMicrosoft® Windows® Operating SystemMicrosoft Corporationrdpclip.exerdpclipC:\Windows\system32\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372HighMD5=D887E718FB0F4C99B9F01C5BD59F8B90,SHA256=ACFA1128B4EDD953F6364FA6216337A59C0522A01349263A11259A827838A56F,IMPHASH=5A464814303942D42A66B561CF697F26{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k termsvcs 10341000x8000000000000000136782Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2600-00000000FC01}2796C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6668|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136781Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136780Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136779Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136778Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136777Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136776Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136775Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2600-00000000FC01}2796C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136774Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136773Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136772Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136771Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136770Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136769Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136768Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136767Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136766Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136765Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136764Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136763Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136762Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136761Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136760Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136759Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+157b1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136758Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23e0b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136757Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1439d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136756Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136755Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136754Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136753Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136752Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136751Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136750Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136749Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136748Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+f290|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136747Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136746Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+f290|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136745Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+f290|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 354300x8000000000000000136744Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:30.274{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse93.104.65.47ppp-93-104-65-47.dynamic.mnet-online.de50324-false10.0.1.14win-dc-676.attackrange.local3389ms-wbt-server 10341000x8000000000000000136743Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.811{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136742Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.811{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136741Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.811{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-538F-615D-0001-00000000FC01}1124C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136740Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.811{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-538F-615D-0001-00000000FC01}1124C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136739Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.811{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-538F-615D-0001-00000000FC01}1124C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136738Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.811{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-538F-615D-0001-00000000FC01}1124C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000136737Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:32.795{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 17141700x8000000000000000136736Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:38:32.795{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136735Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.795{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+b4ff|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136734Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.780{6EDEAD03-538E-615D-FD00-00000000FC01}1002636C:\Windows\system32\csrss.exe{6EDEAD03-5041-615D-0C00-00000000FC01}828C:\Windows\system32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\winsrv.DLL+7de7|C:\Windows\system32\winsrv.DLL+17e9|C:\Windows\system32\winsrv.DLL+1579|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136733Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.780{6EDEAD03-538E-615D-FD00-00000000FC01}1002636C:\Windows\system32\csrss.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\winsrv.DLL+1ef0|C:\Windows\system32\winsrv.DLL+17e9|C:\Windows\system32\winsrv.DLL+1579|C:\Windows\SYSTEM32\ntdll.dll+5178f 13241300x8000000000000000136732Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.780{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\NextInstanceDWORD (0x00000002) 13241300x8000000000000000136731Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.780{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\CountDWORD (0x00000002) 13241300x8000000000000000136730Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.780{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Mouse0 13241300x8000000000000000136729Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.780{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000002) 13241300x8000000000000000136728Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.780{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000002) 13241300x8000000000000000136727Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.780{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Mouse0 13241300x8000000000000000136726Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.764{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\NextInstanceDWORD (0x00000002) 13241300x8000000000000000136725Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.764{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\CountDWORD (0x00000002) 13241300x8000000000000000136724Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.764{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Keyboard0 13241300x8000000000000000136723Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.764{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000001) 13241300x8000000000000000136722Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.764{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000001) 13241300x8000000000000000136721Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.764{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\0TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Keyboard0 23542300x8000000000000000136720Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.764{6EDEAD03-5391-615D-0E01-00000000FC01}4800ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpgMD5=F6E469F8D6D5E6E8737F10BB278D83E5,SHA256=7749E98AA4232E8D94207832919AE91F8506774D9DD1FAD6B735A3D450608A2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136719Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.764{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD1EA3309F2F413D0C783171C5A2232E,SHA256=717B3846CECD408BD7A49B4C80E390D5F2D4E81F5556C799C324F9862066D885,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136718Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.748{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-538E-615D-FE00-00000000FC01}2316C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136717Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.748{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-538E-615D-FE00-00000000FC01}2316C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136716Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.748{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-6088-615D-AD02-00000000FC01}5656C:\Windows\system32\TSTheme.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136715Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-1600-00000000FC01}12921916C:\Windows\system32\svchost.exe{6EDEAD03-6088-615D-AD02-00000000FC01}5656C:\Windows\system32\TSTheme.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136714Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-6088-615D-AD02-00000000FC01}5656C:\Windows\system32\TSTheme.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136713Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-538E-615D-FD00-00000000FC01}1004524C:\Windows\system32\csrss.exe{6EDEAD03-6088-615D-AD02-00000000FC01}5656C:\Windows\system32\TSTheme.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136712Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136711Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136710Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136709Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136708Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136707Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136706Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136705Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136704Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1700-00000000FC01}1448C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6a63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136703Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136702Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-6088-615D-AD02-00000000FC01}5656C:\Windows\system32\TSTheme.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136701Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136700Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-6088-615D-AD02-00000000FC01}5656C:\Windows\system32\TSTheme.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+37172|c:\windows\system32\rpcss.dll+3df8d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136699Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.737{6EDEAD03-6088-615D-AD02-00000000FC01}5656C:\Windows\System32\TSTheme.exe10.0.14393.4169 (rs1_release.210107-1130)TSTheme Server ModuleMicrosoft® Windows® Operating SystemMicrosoft CorporationTSThemeS.exeC:\Windows\system32\TSTheme.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372HighMD5=D5E6B1DA9AEE1CC85A50894A07700B98,SHA256=3A22AAA677B8B658386F6A22ECFB36795DC1BE55AED591FEAA05CA8D36973464,IMPHASH=851EBF0BAEED8A212E02B93229FDC674{6EDEAD03-5041-615D-0C00-00000000FC01}828C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x8000000000000000136698Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136697Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136696Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136695Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136694Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136693Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136692Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136691Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136690Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136689Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136688Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136687Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000136686Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.670{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\NextInstanceDWORD (0x00000001) 13241300x8000000000000000136685Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.670{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\CountDWORD (0x00000001) 12241200x8000000000000000136684Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-DeleteValue2021-10-06 08:38:32.670{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\1 13241300x8000000000000000136683Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.670{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000000) 13241300x8000000000000000136682Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.670{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000000) 12241200x8000000000000000136681Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-DeleteValue2021-10-06 08:38:32.670{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\0 13241300x8000000000000000136680Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.608{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\NextInstanceDWORD (0x00000001) 13241300x8000000000000000136679Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.608{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\CountDWORD (0x00000001) 12241200x8000000000000000136678Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-DeleteValue2021-10-06 08:38:32.608{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\1 13241300x8000000000000000136677Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.608{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000001) 13241300x8000000000000000136676Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.608{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000001) 12241200x8000000000000000136675Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-DeleteValue2021-10-06 08:38:32.608{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\1 10341000x8000000000000000136674Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136673Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136672Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+f290|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136671Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+f290|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136670Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+f290|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136669Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+5b40|c:\windows\system32\lsm.dll+2f9b|c:\windows\system32\lsm.dll+5727|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136668Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+796b|c:\windows\system32\lsm.dll+2f4d|c:\windows\system32\lsm.dll+5727|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136667Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+5b40|c:\windows\system32\lsm.dll+5f9d|c:\windows\system32\lsm.dll+5718|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136666Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+56c4|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136665Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136664Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.530{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136663Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.530{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136662Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.530{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136661Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.530{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136660Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.530{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136659Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.530{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136658Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.530{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136657Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.530{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d7e|C:\Windows\system32\lsasrv.dll+1d1c8|C:\Windows\system32\lsasrv.dll+1c3f1|C:\Windows\system32\lsasrv.dll+1ac10|C:\Windows\system32\lsasrv.dll+2704b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136656Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.530{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d7e|C:\Windows\system32\lsasrv.dll+195f6|C:\Windows\system32\lsasrv.dll+1ab9f|C:\Windows\system32\lsasrv.dll+2704b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136655Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.514{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136654Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.514{6EDEAD03-503F-615D-0B00-00000000FC01}624788C:\Windows\system32\lsass.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136653Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.514{6EDEAD03-503F-615D-0B00-00000000FC01}624788C:\Windows\system32\lsass.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136652Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.514{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136651Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.514{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136650Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.514{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136649Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.514{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000136648Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.436{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D7E5748AEB455F46F37945C73EEDB9E,SHA256=FE7F87551404699A372A86111AB5273109DE837D1B8CA2CDEFFA4F25D410CB6E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136647Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.248{6EDEAD03-6088-615D-AC02-00000000FC01}41002268C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136646Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136645Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136644Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136643Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136642Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136641Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136640Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136639Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136638Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136637Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136636Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136635Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136634Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136633Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.155{6EDEAD03-5041-615D-0F00-00000000FC01}104844C:\Windows\System32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\termsrv.dll+a1087|c:\windows\system32\termsrv.dll+6aa58|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136632Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.155{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136631Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.155{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136630Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.155{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136629Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.155{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000136628Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.077{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB69AD97400971BA2B97282DDA231FE0,SHA256=C12DEB805173366217F7C39E877B1344395CE228649617D9212A6234A7CF33AE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136627Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6088-615D-AC02-00000000FC01}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136626Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136625Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136624Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136623Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136622Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136621Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136620Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136619Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136618Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136617Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-503F-615D-0500-00000000FC01}408524C:\Windows\system32\csrss.exe{6EDEAD03-6088-615D-AC02-00000000FC01}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136616Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6088-615D-AC02-00000000FC01}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136615Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.047{6EDEAD03-6088-615D-AC02-00000000FC01}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136614Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.030{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BF90AE1F80E826F5DE8A3A7F4762CF7F,SHA256=D72BFC04B45665F8B3ED185EBCBC469EB95B9094547DE0F6218D112C63DED443,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136613Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.030{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=79634086EDD8A7013FB702824D49FE6B,SHA256=73ECD83F190E8A8B2FAE586CC4A372B8C2539D097ABA927EAEE8F3D80BFB8F82,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136612Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.030{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136611Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.030{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136610Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.030{6EDEAD03-503F-615D-0B00-00000000FC01}624788C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136609Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.030{6EDEAD03-503F-615D-0B00-00000000FC01}624788C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136608Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.030{6EDEAD03-5041-615D-0F00-00000000FC01}1045684C:\Windows\System32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\termsrv.dll+a1087|c:\windows\system32\termsrv.dll+6aa58|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136607Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.030{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136606Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.030{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119837Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:33.645{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C451FAA92C08930F14E1574DAE8D7CF0,SHA256=588B4F2104831416C10A0E19BA262F542B7D7EBD82BD8F48FE174021381D7703,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136983Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.530{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89E6411FDEC0F9B1FDFFFF73A31CA9F2,SHA256=1B23145CCB9DD900AF12EF28411CD8462B9DFF1B695B80400ED143A74415E1EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136982Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.233{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6089-615D-B202-00000000FC01}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136981Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.233{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136980Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.233{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136979Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.233{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136978Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.233{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136977Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.233{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-6089-615D-B202-00000000FC01}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136976Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.233{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6089-615D-B202-00000000FC01}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136975Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.234{6EDEAD03-6089-615D-B202-00000000FC01}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136974Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.217{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=B57C312F75F14FE213A69C0A0FBC7EBC,SHA256=6D25F6D65663595515597CE6A62C4660F0A4731A42FA7B09B58212031BF7878A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136973Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.217{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=4B2FCEA284C66913A1A3DC98B1FFDF9C,SHA256=58C0E298231CB9C529F4D70CCCF86694B9A5341126EB142D46A9A18B6FFC5D73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136972Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.170{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CE7917A7DD56769E7A3B667D0F09B78,SHA256=3A9FC61C5F7710DE68E58B998491EBFCCD1F6F8C63FD2E4D9F48C212A5F8D3D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136971Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.123{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=050F68399E03377D42B006A118D90454,SHA256=05398BC39ADDEC1BDDB364F08B7A537B552DE4CC0AA0C2DFB64720D80B37BFB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136970Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.123{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BF90AE1F80E826F5DE8A3A7F4762CF7F,SHA256=D72BFC04B45665F8B3ED185EBCBC469EB95B9094547DE0F6218D112C63DED443,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136969Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-6089-615D-B102-00000000FC01}1008C:\Windows\system32\DllHost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136968Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-6088-615D-AD02-00000000FC01}5656C:\Windows\system32\TSTheme.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136967Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136966Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136965Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136964Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0601-00000000FC01}4324C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136963Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136962Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-538F-615D-0001-00000000FC01}1124C:\Windows\system32\dwm.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136961Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-538E-615D-FE00-00000000FC01}2316C:\Windows\system32\winlogon.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136960Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-50C8-615D-8500-00000000FC01}3384C:\Windows\System32\msdtc.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136959Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5061-615D-7700-00000000FC01}3748C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136958Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136957Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5051-615D-4500-00000000FC01}3680C:\Windows\system32\conhost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136956Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5051-615D-4400-00000000FC01}3668C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136955Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-6089-615D-B102-00000000FC01}1008C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136954Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5050-615D-3700-00000000FC01}3376C:\Windows\system32\conhost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136953Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504F-615D-3300-00000000FC01}3112C:\Windows\System32\vds.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136952Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504F-615D-3100-00000000FC01}2264C:\Windows\system32\wbem\unsecapp.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136951Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136950Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\system32\dns.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136949Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2E00-00000000FC01}2372C:\Windows\system32\dfssvc.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136948Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136947Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136946Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\system32\DFSRs.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136945Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2A00-00000000FC01}2944C:\Windows\System32\ismserv.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136944Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2800-00000000FC01}2924C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136943Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136942Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2600-00000000FC01}2796C:\Windows\System32\spoolsv.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136941Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504B-615D-2300-00000000FC01}2628C:\Windows\System32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136940Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5046-615D-2200-00000000FC01}2552C:\Windows\system32\conhost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136939Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5046-615D-2100-00000000FC01}2544C:\Users\Public\splunkd.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136938Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5042-615D-1F00-00000000FC01}2156C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136937Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1700-00000000FC01}1448C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136936Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136935Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1500-00000000FC01}1236C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136934Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1400-00000000FC01}984C:\Windows\system32\dwm.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136933Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136932Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136931Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1100-00000000FC01}380C:\Windows\System32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136930Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1000-00000000FC01}376C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136929Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136928Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0E00-00000000FC01}988C:\Windows\system32\LogonUI.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136927Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0D00-00000000FC01}884C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136926Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136925Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-503F-615D-0900-00000000FC01}572C:\Windows\system32\winlogon.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136924Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-6089-615D-B102-00000000FC01}1008C:\Windows\system32\DllHost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136923Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-6088-615D-AD02-00000000FC01}5656C:\Windows\system32\TSTheme.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136922Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136921Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136920Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136919Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0601-00000000FC01}4324C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136918Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136917Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-538F-615D-0001-00000000FC01}1124C:\Windows\system32\dwm.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136916Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-538E-615D-FE00-00000000FC01}2316C:\Windows\system32\winlogon.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136915Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-50C8-615D-8500-00000000FC01}3384C:\Windows\System32\msdtc.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136914Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5061-615D-7700-00000000FC01}3748C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136913Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136912Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5051-615D-4500-00000000FC01}3680C:\Windows\system32\conhost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136911Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5051-615D-4400-00000000FC01}3668C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136910Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5050-615D-3700-00000000FC01}3376C:\Windows\system32\conhost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136909Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504F-615D-3300-00000000FC01}3112C:\Windows\System32\vds.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136908Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504F-615D-3100-00000000FC01}2264C:\Windows\system32\wbem\unsecapp.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136907Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136906Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\system32\dns.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136905Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2E00-00000000FC01}2372C:\Windows\system32\dfssvc.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136904Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136903Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136902Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\system32\DFSRs.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136901Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2A00-00000000FC01}2944C:\Windows\System32\ismserv.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136900Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2800-00000000FC01}2924C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136899Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136898Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2600-00000000FC01}2796C:\Windows\System32\spoolsv.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136897Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504B-615D-2300-00000000FC01}2628C:\Windows\System32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136896Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5046-615D-2200-00000000FC01}2552C:\Windows\system32\conhost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136895Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5046-615D-2100-00000000FC01}2544C:\Users\Public\splunkd.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136894Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5042-615D-1F00-00000000FC01}2156C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136893Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1700-00000000FC01}1448C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136892Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136891Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1500-00000000FC01}1236C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136890Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1400-00000000FC01}984C:\Windows\system32\dwm.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136889Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136888Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136887Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1100-00000000FC01}380C:\Windows\System32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136886Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1000-00000000FC01}376C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136885Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136884Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0E00-00000000FC01}988C:\Windows\system32\LogonUI.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136883Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0D00-00000000FC01}884C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136882Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136881Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-503F-615D-0900-00000000FC01}572C:\Windows\system32\winlogon.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136880Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-6089-615D-B102-00000000FC01}1008C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136879Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-6089-615D-B102-00000000FC01}1008C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+366e9|c:\windows\system32\rpcss.dll+3bed2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136878Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-1600-00000000FC01}1292756C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+4689|c:\windows\system32\themeservice.dll+3fdd|c:\windows\system32\themeservice.dll+2870|c:\windows\system32\themeservice.dll+26d8|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136877Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-538F-615D-0001-00000000FC01}1124C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136876Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-538F-615D-0001-00000000FC01}1124C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136875Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.077{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2600-00000000FC01}2796C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6668|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136874Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.077{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136873Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.077{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136872Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.077{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136871Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.077{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136870Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.077{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136869Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.077{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136868Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.045{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136867Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.030{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136866Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.030{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136865Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.014{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136864Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.014{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000136863Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:33.014{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136862Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.998{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1700-00000000FC01}1448C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6a63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136861Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.998{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136860Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.998{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136859Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.998{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+6260e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136858Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.998{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+625bd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000136857Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:32.998{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136856Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.998{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+157b1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136855Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.998{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+1f3a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136854Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.998{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1439d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000136853Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.998{6EDEAD03-5391-615D-0E01-00000000FC01}4800ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpgMD5=F6E469F8D6D5E6E8737F10BB278D83E5,SHA256=7749E98AA4232E8D94207832919AE91F8506774D9DD1FAD6B735A3D450608A2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119839Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:34.661{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=261F7D13240A74887D3BF452D026A314,SHA256=89FD74542527A61A1EC24C48FF9EA7F3B1F0F0302DEB9A94188DD17807E36686,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119838Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:32.780{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50539-false10.0.1.12-8000- 354300x8000000000000000136996Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.750{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64549-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000136995Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.750{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64549-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x8000000000000000136994Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.702{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E055EA93EC239B72C1066FFC1D7DCE24,SHA256=D5C453BA7D476B6A5D6B162BA96AB197AA3651E2686C2B965D73974CF22271C7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136993Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.655{6EDEAD03-608A-615D-B302-00000000FC01}49565128C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136992Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.467{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-608A-615D-B302-00000000FC01}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136991Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.467{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136990Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.467{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136989Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.467{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136988Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.467{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136987Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.467{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-608A-615D-B302-00000000FC01}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136986Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.467{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-608A-615D-B302-00000000FC01}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136985Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.468{6EDEAD03-608A-615D-B302-00000000FC01}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136984Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.155{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=606232E0A1F1980DED116F5A2FFB2222,SHA256=7F98FCFE4D938F08E1F20CEB67B168FF949162641CDB0DCA8041E702E1EBFD7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119840Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:35.676{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5DD260E4A65C37E0374E83F1C47AEF39,SHA256=0139767A260973ADA3053D9D7CC4F6EB2F912B6BC544A5E03808F7628EA454E3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137016Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.936{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-608B-615D-B502-00000000FC01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137015Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.936{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137014Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.936{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137013Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.936{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137012Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.936{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137011Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.936{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-608B-615D-B502-00000000FC01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137010Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.936{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-608B-615D-B502-00000000FC01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137009Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.812{6EDEAD03-608B-615D-B502-00000000FC01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137008Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.733{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81D1B966CFE48AE19E9A46B6AB125691,SHA256=224ECD139CB26D4AED59DFDCAB0701F5C958284255DEE7B10CF62409B1E025F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137007Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.545{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E1745B7C58FDC924F13592CDD5B5E0E4,SHA256=CED892A63F206AE50C86390596961D13EE31DD1D14CF7D5F7292D8C5FD1D9536,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137006Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.374{6EDEAD03-608B-615D-B402-00000000FC01}12801744C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137005Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.264{6EDEAD03-5391-615D-0801-00000000FC01}43684476C:\Windows\system32\taskhostw.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137004Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.139{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-608B-615D-B402-00000000FC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137003Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137002Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137001Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137000Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136999Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.139{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-608B-615D-B402-00000000FC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136998Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.139{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-608B-615D-B402-00000000FC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136997Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.140{6EDEAD03-608B-615D-B402-00000000FC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137019Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:36.983{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7100852B7010B5FAF67ED1C54267214C,SHA256=AF9D1E2A5F710634F492005BB2CFDF743D679A5BEF4793C4DC9A97C1D9D61EC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137018Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:36.952{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5BC16C941C346B9F073F9B5510F9D35E,SHA256=3B6AD66E544F5963266650A2E82020E5A30FEEE6789E06C8511AA8BB8E0F64F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119841Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:36.692{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D4AB194F9CF2EA49316D40AE6058207,SHA256=FEC87573C96C08F27B29DA0F679B5F4EDCF2ABFBA1805341FF8459C83DD4F80A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137017Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:36.092{6EDEAD03-608B-615D-B502-00000000FC01}55161160C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119842Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:37.707{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=702A0925E9527D1AEB649B9E6D7B6AF6,SHA256=2683BF82A582622F9A32E06FDE3F5D0ACC4831F1F88AFADCF2CC91B0ECB9A821,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137029Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:37.952{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88047028CE9E752A49C354438064BCA6,SHA256=C43FE2281144AFF68AD9698E6822186F8B67426824277FBE6E3756A83AF7EC3B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137028Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:37.873{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-608D-615D-B602-00000000FC01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137027Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:37.873{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137026Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:37.873{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137025Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:37.873{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137024Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:37.873{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137023Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:37.873{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-608D-615D-B602-00000000FC01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137022Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:37.873{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-608D-615D-B602-00000000FC01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137021Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:37.733{6EDEAD03-608D-615D-B602-00000000FC01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000137020Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.531{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64550-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000119843Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:38.723{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB687EB12BFB0246004C3287387A2DD1,SHA256=D81113304D5DE344F440028D1B49261FE20EA18AB4204952F817C33F32ABE120,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137031Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:38.967{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A344F5A228E810C1F40C29B8C58F149A,SHA256=110482999E7DB1A0FEC9591DC1D6EF3491E662256EFE39DCCBA32613FC00351C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137030Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:38.795{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B8FC110B9AD2C1D93EB5E6F34C8D3773,SHA256=B580234A4802BD1456B754F72979F103B6B65F4C8D4FA00C32EC12E1944DCB85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119844Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:39.723{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D45E9A8EB6368878E95D02D3FCB4343,SHA256=82C54E0ABE405299170583DC1871EE9DD2235C8F01D31E9507A1109C3FF8B689,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137032Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:39.983{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFBA766E6E6242A99BB89494D9E05280,SHA256=67A2DB9C8186DB6A3C96A98EDFAF16BB611748548D4001B3AFD0735F5B4F5161,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119845Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:40.738{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05EACB3BE58E90C42B6CBE53A6C1F4C1,SHA256=B8AFCF4F63774039959E428100880A5354F2F7751ED254AA326F3A90A4BF2597,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119847Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:38.592{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50540-false10.0.1.12-8000- 23542300x8000000000000000119846Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:41.738{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD516B3FB6A9DC3CEDEE0C12543D0CEC,SHA256=F1C1548382FF4C220F7CBD1C0541E5AB753B65EB751016E541BE8E2C6B0B7C30,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137043Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.420{6EDEAD03-5041-615D-1600-00000000FC01}1292756C:\Windows\system32\svchost.exe{6EDEAD03-6091-615D-B702-00000000FC01}5688C:\Windows\System32\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137042Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.420{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-6091-615D-B702-00000000FC01}5688C:\Windows\System32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137041Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.389{6EDEAD03-538E-615D-FD00-00000000FC01}1001332C:\Windows\system32\csrss.exe{6EDEAD03-6091-615D-B702-00000000FC01}5688C:\Windows\System32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137040Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.389{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137039Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.389{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137038Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.389{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137037Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.389{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137036Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.389{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-6091-615D-B702-00000000FC01}5688C:\Windows\System32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137035Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.389{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-6091-615D-B702-00000000FC01}5688C:\Windows\System32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+37172|c:\windows\system32\rpcss.dll+3df8d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137034Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.394{6EDEAD03-6091-615D-B702-00000000FC01}5688C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{6EDEAD03-5041-615D-0C00-00000000FC01}828C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 23542300x8000000000000000137033Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:40.998{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=530B1B8343AF0B60549BAC4A3264BA15,SHA256=33E9C5995CDE713061DC875C227072FCCA82AA9A91BED601388FBCDA32FC35D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119848Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:42.754{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CA047AC75FFC1D18C2D5C8988F605FF,SHA256=07B25651D1795F7960D1C590AA4DD02560703233619EEE521B5E46F05EE045A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137045Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:42.623{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C2BFC531044C3249505D362780341D7E,SHA256=2DD22C9483A410A61750529AEC18231B0F3CC8BEBDE2C9676E12973249D26C36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137044Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.998{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1DAB1C091B988BF1B9D94E096C734608,SHA256=C6905DB34B9512A0E29F0FB8ED443A23CF0451FB4C0CEFA32AA3CD667218D43E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119849Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:43.770{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F75A3A2D3D6564891809B1FDD7D5AA9,SHA256=A66FBC5B861A07D0894D226E3582C250C41DA99C9B4D4AE5FFAA46EFAC5B25BF,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137047Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:40.577{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64551-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137046Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:43.014{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEE70CFFDF69A598C822682CD40E75C3,SHA256=8D841BD67A00B18EB14B645400045394B97A89A4DD77AB6ABF82B00EC3F6B23C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119851Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:44.785{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0ACB6BCADA305FD0B7DA64FE5F8772C,SHA256=21871C3146253B4157EFB1DC4E60E17FD5C1B8C4A685F2FCFE90B519355520C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119850Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:44.238{49C67628-5044-615D-2200-00000000FD01}1580NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137048Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:44.014{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46E1CAFD67A48E56ABA6FBB6197A8350,SHA256=601F5E3DB357386C8A5B5A56B5FA265440B81E7C9C3ECE7AA03B42D207FDFD06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119852Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:45.785{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BCE691F709BF7347DD3483C57D356C2,SHA256=4811DB8DC0970A9D73908F78AA3B85F7E1D96F86AEECFC1933C82C4A100726DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137049Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:45.030{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED6FD5BA86E01893FDA9596DA3AB3572,SHA256=38975A4EC149B2C50BA3C4DDEADDA821922DC53E2A4E515C1528606D0017EBB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119854Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:46.801{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8FFBEF546F3DE62AA3A5329CE2C8DBEA,SHA256=FDFA4B27307878C44ADF6F8FA514879F3E5D8D32DB0DA6B9954F25AD5A0EB0C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137050Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:46.045{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB39C1BDEDC6BDABFDABF1BA6CF86B06,SHA256=29A12C233F2BB4A2530844F42AAF21CD7C48866A96A905CFF1CE3C5CD48863F7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119853Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:43.748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50541-false10.0.1.12-8089- 354300x8000000000000000119855Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:44.592{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50542-false10.0.1.12-8000- 23542300x8000000000000000137051Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:47.108{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E2E42451644A8E1524DEDF61D03BE0C,SHA256=660E00EAEE0A6DD50E7296A74FDC6FA0DCC583D3FC0A14D3B0027B99F27EA81B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119856Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:48.035{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9035C6C8773700642E6594CDC583C912,SHA256=AAD7BC1DDDC38E8B6D63BB6B3C59501BE6E46AE73B8F44E039A4AFCB858F4ACC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137052Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:48.123{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=587DFD39ECD8737EBC7B0CF5E102BFED,SHA256=AA5912AF4F5A64D72CA740EEF1CAA1C04922D1CEBDA2EF4D55EDADEE7625651D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119857Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:49.129{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13BC8B808A3899A01D0FC7ABDAFC0BF4,SHA256=FC85A34D02EFC0E90F23C1A2CB9AE05A5A228FB6C62C736DAFDD240ED43AC19F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137054Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:46.359{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64552-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137053Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:49.139{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F81F56BCA4F99B7F2E30419DE9627818,SHA256=3020BB4A024E0ADE730070AC330132F028E17BFC9927ED876E6E99E20CECFB7D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119858Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:50.227{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B952DC16D1E58C22BC77B74C16517751,SHA256=A39AAF3F8E3DD51D7ED876DD59A225CD6D4CDF33DE41A0C5AC5DC670CE496E0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137055Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:50.186{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30D587406AA401291416F436DAFAB279,SHA256=FF25E4E19512EB2551E8266E04BB804FAD8D0F68F6A05BCAF955BDDBDC6978AB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119860Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:49.643{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50543-false10.0.1.12-8000- 23542300x8000000000000000119859Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:51.258{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=59E5FC2D46998314ACF05A2E65B5283D,SHA256=B435CEA8AFF17D59444AB473EB5A7A52F0F64360637AF4138624FF9201A6FC80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137056Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:51.221{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83A15614971A883C5A4F1B96EBBB2F5C,SHA256=9287EFD05AE8108D73FACEE28B35AE950A893BC90EA6FBDD8846620C1B9303E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119861Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:52.477{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F2DC3C847FAE828EF89AD3E04BB8EFA,SHA256=60668267FA2920305484F4CAA3E3B33E76069F163FAB6F07F0F1BAB19B683834,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137057Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:52.236{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7DDFE638FD15FD4B94016D465711BC21,SHA256=E3B47C9AD0A15BA596A3489AFEF25A82FF2751788AEA4D8BF66CB3B9A80EA305,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119863Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:53.918{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211006072910-067MD5=266A8C17E3E1B8A0B29A8C5E77CA200E,SHA256=01EFC44F32696762DC9319663F7889EF6AAFD7A8B30AE6A823FD17BD5EE43D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119862Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:53.619{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C181378170606B08380C935E4CBD0D5,SHA256=6B70D764A86422A0A3390EDCB23FE4D8AF49679B4413F6D2DDDB0F0A13DC46AC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137059Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:51.394{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64553-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137058Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:53.252{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA53038C8518EE46E65C1286FEE50EB2,SHA256=EA8713E691198E591EC5B0EDA991F98FD5E4952237CF23212FE76182B94FB0B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119865Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:54.931{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211006072908-068MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119864Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:54.650{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=699DEE953FEC85464A7DF089F54DF2A7,SHA256=953254827275497B2719187A1012DA2542E2A93B1F75C58FF6E00A95B5422A9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137060Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:54.252{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5083B863DDB51763A8FB934656F81B70,SHA256=0CAD82C66D792EBCA5972CE8CA180533BD76DA61BAB2BEAC7EF5C0498777A8BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119866Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:55.697{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8590319FC014CFE7CA838C1E3F95DBB4,SHA256=3EB764AA6718E175330459DC4C92FC5C0C78B7738E2ABD481FADFE775DA0E984,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137061Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:55.283{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7851DC738ECC208735AB66360BBD3EB,SHA256=61AF510E9790152FD1A67515729292F17244F746E8B9434A7E2D20851312ED5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119867Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:56.775{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E999537F484215A585DF8481CAD0F3C,SHA256=C286F8EFE77AD3238A1F076C5ECFC44D85EEEBD36E741589775A6A2C43832239,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137062Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:56.299{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFD37C0B7194C82F3AF7C5C602DA57A0,SHA256=FB8E3445FB9DD96E2B172349D6E46881E7A95A9D3458B830934A438D77347C29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119869Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:57.916{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF9EDE41D7BB89ADE7C3C0DEBE772F16,SHA256=5511DAA97DCAC004694A607D08F5580496127D2C6572C4C74692F297C1BB9D5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137063Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:57.314{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C53C0D44F1DC4694A86ED86AF22F815,SHA256=02E07C7451FEF68DB3284E21DE1F8B898832949CD562FB9CCB04FE4CB9A4649E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119868Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:54.767{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50544-false10.0.1.12-8000- 23542300x8000000000000000119870Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:58.931{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA1E81CC4D1D71A8E2B12ACBC2F68953,SHA256=99595F458E3D05D90D9C0D68F95ECC194346133A971EE58F6834BAEC266D830A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137065Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:56.565{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64554-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137064Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:58.361{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E18ECB163E5A71AC960F01D848657532,SHA256=E50967161013C92645D06F0DFC65FED4B3E3F58F207B66643ABF603DCB046BBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119871Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:59.947{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E41A8598071D01FCDFB9BC6010DBDCF1,SHA256=7B09A5BDD46C56C3813856CC107742FA5AFC0DD23A00C6F462E74ECF9BA189C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137066Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:59.361{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ACEE6BBCA6513EB94A39A6EB037EBCB8,SHA256=4BCAF5CEDB1B27292B2A9DC7497629B8D3F7199CE52DF13596C5F546D01B79FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119872Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:00.963{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7D83AA00F3B5CBA39DCDAAF3D7E74BA,SHA256=4A8CB3DBCCE00B40CDC568BC0A21C09B755B93ECB93BDC8A13F0E4FB920DF59C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137067Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:00.377{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0E0A8140DC1C4A2871F54C314338F46,SHA256=7C0AD3524B1A8276DEB695D99DB472E5946B1532308EA9FCEA268EEC0729AC12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119873Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:01.978{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B599834968E53CCD33EE69661F30CB1A,SHA256=5F9DDB21B07B8407CCD26839BD59D11B9ABBCD19B5563AE7FB389329077B9E39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137068Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:01.393{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2705937D5447074FE561D74D0018705,SHA256=45247FEA559DC4E5D863AE5F94F41509176A6615003ECAA2D9020EB8674A7BF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119874Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:02.994{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=666EF9C3C9145A57AAD5B50129051827,SHA256=7D5BE4611ED5CC8E41D7E2BB6D45209CCD540EFA79E9CC15B19DED8D1428BA6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137069Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:02.408{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7FA0C4A67172C487D9BFCF03E1F09E64,SHA256=823C0C6F107D42FB4099C02AA51FB335C32DC6DDF2874E2A2F3AFA24801A6692,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137070Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:03.424{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B507D047CE713CD67BF8530FC6F3804D,SHA256=A428157680635C55E21C08159880BD06E3EEE4757DFA7559FC6D77BF0EBE80CB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119875Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:00.613{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50545-false10.0.1.12-8000- 354300x8000000000000000137074Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:02.534{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64555-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000137073Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:04.911{6EDEAD03-503F-615D-0B00-00000000FC01}624672C:\Windows\system32\lsass.exe{6EDEAD03-5024-615D-0100-00000000FC01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+2b3d4|C:\Windows\system32\lsasrv.dll+30929|C:\Windows\system32\lsasrv.dll+2e287|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+15ded|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x8000000000000000137072Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:04.663{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211006072921-067MD5=58D52BFFD80488B8005F7C319C2D4334,SHA256=B9D8441D1BC2ED8425146F5F211E2A21C477807F4E0B7EBAD9811C868FAB9279,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137071Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:04.442{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8323C9D36AD17AEA8DA58AA8D7474788,SHA256=7A56FA217C0F83121F90A0F4BF5155AD15274DD6CC87E181BC816CE6B2FA6ED9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119876Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:04.009{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDDD09F48A104971EB80B306F149C529,SHA256=EB48B7E561E7EB85683AC020480A39808270CD3D4D0A3470281E1C5D42170309,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137078Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:05.941{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F82CEDFA5509FA90F03BCC17F3579708,SHA256=D57F6373A8ED80E71469643F2ACB15AFCF6B855041ACEDCC5865F203F626AA80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137077Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:05.941{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A5C1A34924F1A345C9BDC96C6A95986E,SHA256=3A38A2425338280FB4905FC76DA8AD39A4A1D98ACBFB2C1651565247BF8857C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137076Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:05.662{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211006072919-068MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137075Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:05.489{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=070A188C6DFF94621447AA60A12330C7,SHA256=80635480E5E01EA892BD764A663C87EA8D3E323C77593D956B44C6C18D39EEC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119877Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:05.025{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=857C7B3EFC4F346002F0D99A873E90FA,SHA256=B1CFEBA05764781750EB9BFFD3BA2584CFDA3D2443E8A383EB24B08900A13144,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137083Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:04.241{6EDEAD03-5024-615D-0100-00000000FC01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64556-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 354300x8000000000000000137082Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:04.241{6EDEAD03-5024-615D-0100-00000000FC01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64556-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 10341000x8000000000000000137081Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:06.616{6EDEAD03-5041-615D-1600-00000000FC01}12924928C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137080Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:06.616{6EDEAD03-5041-615D-1600-00000000FC01}12924928C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000137079Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:06.506{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52605BD69D6F4C050D91DDC36A8DCF89,SHA256=20ECF369DD6E6B15E65B1F24EB11049573D61B513EB4F0DDF5F39680DD211512,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119878Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:06.040{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C51006271E3626B0372333599993F31D,SHA256=167FD21BBD1C29CE92068267CD9876C4F6D4CDEC267CE2370D78392384099431,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137085Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:07.538{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F44BE187BB9C185D40EE6B4802D5B910,SHA256=7E2E3CD0ED9CC307863F4C4D8BDD3A1B7488AB5C97C9A7E17806D3D8AB974086,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119880Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:05.675{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50546-false10.0.1.12-8000- 23542300x8000000000000000119879Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:07.056{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68003013A5C0A477EB2FA4684172B61C,SHA256=5FACF78C49C6CB07C5C010F320F679AEA4D46242400A305206CFAE4CED0526FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137084Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:07.022{6EDEAD03-5041-615D-1100-00000000FC01}380NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=BDF285CF55DDAF315E8B8BDC2A19442B,SHA256=1299734FD0B33D2DDE9183C3E28A7E7D3319A6E554006421A0CE6DDB01EF59C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137086Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:08.553{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A35740ABD118A36054E4657132279AEB,SHA256=0533EF7EE370F3E422C16F931E883E0D6B897D80A37BFB1F6C2A0A5B746B2B65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119882Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:08.743{49C67628-5043-615D-1200-00000000FD01}1012NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=6093D5548214F8283C6EF21C120F61AD,SHA256=571D011AD5E6ABA4D015962CD4078A151129B624159DD4383D76C69D5CFFD7B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119881Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:08.072{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01B7A9ECCBFBD667F7181E893EFF1AF0,SHA256=03ECCD249F185BA8D91C47891BD33209D2498C68E77AA90410A13F46C898C6D0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137113Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137112Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137111Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137110Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137109Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137108Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137107Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137106Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137105Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137104Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137103Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137102Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137101Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137100Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137099Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137098Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137097Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137096Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137095Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137094Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137093Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137092Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137091Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137090Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137089Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137088Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000137087Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.569{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=170B09B2B05D70DD4A9DDC8E0887C5EC,SHA256=62745F64E8CFE70CBA9BB3E01A66BBB41F6ADBBFC51E7B88D23126CB4564CA08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119883Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:09.087{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4637125C373911F6A943226593E2BE8A,SHA256=F389012B8E578B5ED62543CFABA056B6D464D82BAFF64F8402FBEAEFF6EABF88,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137115Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:08.507{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64557-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137114Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:10.600{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46D7651C9376944763FE98C22507E14E,SHA256=BCC385869AD81BAEC1CB531F5A1DA932E794E936526C66A652510BE9C9A9E181,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119884Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:10.105{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDF81B2A9A9D59C8446370EECAC255EA,SHA256=5C19DFAB15602A8F314CC73133FDE1AFDD542CB1A17214F87095377A46E8EFD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137116Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:11.631{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A8969D7F7EB455D4C9C524B55E6A1BB,SHA256=D5871D9E5F54AED5DCF1FFEAA1056A999781D32307E6D582C6BF5466DC1D18B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119885Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:11.106{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CB1A110773D1EF398E9113B98E151DD,SHA256=EF26C5C2F60616F4B0172A13D9CDF9A27DF7886A4DD49A2C514B4E1B51D51F36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137117Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:12.646{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=624330685279C2AC17C5C34E46A151A6,SHA256=63F7CF442A7976FF52C5CEB2ED4F12B940BD02FC26E6FADAF02B649D445367D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119886Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:12.107{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=03432EB4A550C027AA5ED3469F4B8E81,SHA256=108D5B3B16439C15B3242DEB19E2A72752FD9D60DA8AC6F85D94B542E2F12D0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137118Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:13.647{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AD0380D3BD71E798489148CB8F87754,SHA256=CB8B91FF0F3520B1C6D49EE09BA8C768D76B8ABF6097208D2D3BE7D441E0AE4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119887Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:13.123{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=400800A8EDE1C976B60C8388D0595B37,SHA256=C846AE114FC51F9BCBBF244AC434721939FD1879A01D0C577C3F8B8CF0D3E395,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137119Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:14.662{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF9BC9976D3467651BFE22C5C725B1C4,SHA256=E8D0A582F13CAD94E6D786FEAFD3C0EA9ABB0D2A44236F164847DB3613DB016D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119889Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:10.740{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50547-false10.0.1.12-8000- 23542300x8000000000000000119888Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:14.138{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89B8D3C283F57A8CDFFE89785AB6A82A,SHA256=A4C8955F7C3F8C26C9EAC8238C41B587F7E14966EE8C356CC23CDA8A1FB48CEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137120Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:15.693{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1F344A5F9244BCD72A665297A45545B,SHA256=B921594E9E9333E05DEA3C0CFEC6DFF0BC3A135362F5D9DE49286EADD079F83C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119890Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:15.154{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39CACC34149B38E73C63AFDC3E5D4519,SHA256=A06C7CEED76875DD141DDEE1431225FE2BF2E7DBEBAB16419650A45F6CB1A13F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137123Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:16.709{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E222CDBECBE5851EC3D6AAADEACB73A8,SHA256=0D29B3C9B985353D6D902A0F7AD4EE4AC415D5C4C057942F4DC61DD44680FE53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119891Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:16.169{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=693D987A087E842670A9330B7F255236,SHA256=59DB8F8B1183CD1F84B310526C10B4AF72009D3801513E707B1D0D36E13A59BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137122Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:16.678{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=670DA25B8FC97A15E362572FFFAF8D39,SHA256=3E680F634D2788060F903797A8035AD37DF09B10935B86C881270E62DEB6E2C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137121Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:16.678{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F82CEDFA5509FA90F03BCC17F3579708,SHA256=D57F6373A8ED80E71469643F2ACB15AFCF6B855041ACEDCC5865F203F626AA80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137125Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:17.725{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2478178380155B4D5F1AAD460D15D72,SHA256=199C3B10EDE24A8FA8C124DA560073376ECAF080007BAF2DF943639834757A1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119892Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:17.185{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAF6B33F1B80ADD0696285BDE5D2C738,SHA256=AF88ACEFE3ACEFC24BD45FA5033341576339E219325F40C0DE905DA8C3376D4A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137124Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:14.413{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64558-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137127Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:18.896{6EDEAD03-504E-615D-3000-00000000FC01}2448NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137126Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:18.725{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9BBC0876462BDE95EB1B64A241DD53E,SHA256=7E59C40566931E6F9F367D5C6004A0A08EF02FEBEC39104CAC34727934CC0D48,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119894Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:16.617{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50548-false10.0.1.12-8000- 23542300x8000000000000000119893Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:18.200{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=194578D642C59F9CC8E4B4705913D80C,SHA256=3665D6B4EC17928EC04E5D3D57FB00D4DC7F05738DA7E66AE84A90F20173E53C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137128Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:19.756{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A55EA0D99AFCFA5709D61D3A65AEA6B,SHA256=D2A02F039A8359A21C01CAB7A02F9C9F07C872539DE9A1BC6A20C4ED22737885,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119895Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:19.216{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=565BFB1504D347E26CB130971BC7D1CB,SHA256=83968781C61F39BCF4654C49BE22571AC31AC9772A8BD0AA655ECC2425117B83,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137130Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:18.194{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64559-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000137129Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:20.787{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66185783CACD38DADFE4F0C6CB20C350,SHA256=982A6283D1A2B3E91692CAD9AEC6C83DB93BC69F961306DB911FB44204C6A6FF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119923Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60B8-615D-8102-00000000FD01}2452C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119922Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119921Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119920Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119919Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119918Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119917Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119916Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119915Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119914Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119913Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-60B8-615D-8102-00000000FD01}2452C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119912Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60B8-615D-8102-00000000FD01}2452C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119911Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.967{49C67628-60B8-615D-8102-00000000FD01}2452C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000119910Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.450{49C67628-60B8-615D-8002-00000000FD01}128432C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119909Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60B8-615D-8002-00000000FD01}1284C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119908Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119907Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119906Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119905Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119904Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119903Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119902Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119901Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119900Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119899Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-60B8-615D-8002-00000000FD01}1284C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119898Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60B8-615D-8002-00000000FD01}1284C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119897Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.295{49C67628-60B8-615D-8002-00000000FD01}1284C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119896Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.232{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCCBBCD2E7AA71E140546DFE1044C818,SHA256=03E7ED2D43B8D70887829A9D6B804584CDDEB5E1F80C1F134A6D978BF70A0752,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137131Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:21.850{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=128AD06B3FB1840ADC41B5209DDB3DDA,SHA256=838E7B684409927446659F42EAEAD207E4344F49D6762CA14E16385D2FE16DED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119926Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:21.497{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=61369682CF017E80E67B474D85FA336C,SHA256=65383E3919C4A2D7D49F028C478502C23EDDFC40262208D70B21C804C4EEED42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119925Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:21.497{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B160C93DA88610EB87825D952C8B3AB3,SHA256=FAA4F10A33F7609F612C476BE326116D69A9FF67E5E641987163B92B718B5314,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119924Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:21.497{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4E5408A27F3BC375AC9FCBA945239E7C,SHA256=10B34F2A65270329AD7A6B19BBF739B3889934EE9A783E03CC07BE72B435BE94,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137133Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:19.554{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64560-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137132Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:22.851{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6943CE553B949E2DE1C200AC4FD153BE,SHA256=24AB821C7CA1ADD8FEAFE46F70890078317201CCDEE2EE1F87CABF226F96CEAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119940Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.528{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42B8C435A353B4209AD3573EBAD2ACF8,SHA256=DE82EE7E4C6FFBEDA73842020301C5985AF1FEF8BB6A5AD6BFA15984E93550D8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119939Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60BA-615D-8202-00000000FD01}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119938Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119937Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119936Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119935Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119934Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119933Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119932Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119931Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119930Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119929Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-60BA-615D-8202-00000000FD01}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119928Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60BA-615D-8202-00000000FD01}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119927Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.279{49C67628-60BA-615D-8202-00000000FD01}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137134Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:23.898{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D93F6F669551525E6070FFD695C4323,SHA256=78AA46F7B794F9F0EF0558E766B4A65F3E2456E968A908AFB257EA2BB30D6D41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119956Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.591{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7365C03382A22BEE0634466E355966CC,SHA256=341AF832D519FF04A237D7B462605312A170FFB222EB1FBBCEF3CBBC6D133111,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119955Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.513{49C67628-60BB-615D-8302-00000000FD01}39363024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119954Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60BB-615D-8302-00000000FD01}3936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119953Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119952Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119951Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119950Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119949Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119948Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119947Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119946Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119945Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-60BB-615D-8302-00000000FD01}3936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119944Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119943Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60BB-615D-8302-00000000FD01}3936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119942Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.373{49C67628-60BB-615D-8302-00000000FD01}3936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119941Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.278{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=61369682CF017E80E67B474D85FA336C,SHA256=65383E3919C4A2D7D49F028C478502C23EDDFC40262208D70B21C804C4EEED42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137135Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:24.913{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D336B50AFD994FA1A00190B26222FF3,SHA256=8970291A10732339DD0F17A7028076B92094193D0A5E1D9A85F85E34EC07A4F5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119986Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60BC-615D-8502-00000000FD01}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119985Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119984Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119983Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119982Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119981Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119980Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119979Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119978Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119977Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119976Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-60BC-615D-8502-00000000FD01}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119975Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60BC-615D-8502-00000000FD01}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119974Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.936{49C67628-60BC-615D-8502-00000000FD01}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119973Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.653{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A232EB014F21D0DAF8BC09782331ADD7,SHA256=3C9A1B6E2AEA6C6DFB82DCB193B67469AB907977446DC3ECDEBD23311DE42FEE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119972Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.591{49C67628-60BC-615D-8402-00000000FD01}18083064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119971Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.528{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=42EFFEEFA5C45B6374FDA1E58C81AF0A,SHA256=A2A078BFEBC75531B1BDD591371B32804E4E01DE0403C08AB9C01DD5B2B3F7F8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119970Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60BC-615D-8402-00000000FD01}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119969Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119968Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119967Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119966Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119965Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119964Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119963Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119962Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119961Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119960Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-60BC-615D-8402-00000000FD01}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119959Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60BC-615D-8402-00000000FD01}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119958Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.435{49C67628-60BC-615D-8402-00000000FD01}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000119957Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:21.788{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50549-false10.0.1.12-8000- 23542300x8000000000000000119988Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:25.700{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1551ACF8DA481FC7C98F260D8D614231,SHA256=B901279DB5742AE7C1891D38CA1F6EBBC84695C696EBC4848DC2186BA8634665,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137136Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:25.913{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15A5A897CC723B28BF2681961F143A23,SHA256=C9557B8400C610EABCB3D84A4EEAC6EF6E02C5DEEFBD55258C6602EB91F23600,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119987Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:25.075{49C67628-60BC-615D-8502-00000000FD01}19963084C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120003Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60BE-615D-8602-00000000FD01}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120002Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120001Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120000Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119999Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119998Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119997Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119996Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119995Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119994Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119993Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-60BE-615D-8602-00000000FD01}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119992Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60BE-615D-8602-00000000FD01}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119991Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.982{49C67628-60BE-615D-8602-00000000FD01}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119990Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.809{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01B0F524E5FCA936B40250E6A3363F73,SHA256=2ACED396BE02A5DE3992573672DC7202F443314A3E2D7EAA50455B85DD6D5F1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137137Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:26.944{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E71ED79370B304B30812EBE6696A8E90,SHA256=F3672C542FAC7943761D80D1C6FE176E56B3E5827FE9226D3BC6D153D81740B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119989Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:25.997{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BADC459575684962AE98E777F4236D25,SHA256=0457FBDD7931BCA4508B8657B6103720CC9D76BDADB83F47662E83914C5DBFCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137139Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:27.960{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=982D283C315282E25E0EB6A38ACBF426,SHA256=36F02867C8F9CAEF0F572333A2FDE6D48159EC93BA37312500A68614715F0E26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120004Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:27.840{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E4EBB1482F38BC1B1498CC57CAE5DAD,SHA256=3DD2C57DC452C8EF9664429CDA7BF6AEBD536C00EEC0F08B1306DAAB148A7C08,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137138Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:24.570{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64561-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137140Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:28.960{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8387218514F5675424DC58EB396E3C2C,SHA256=C8DFF631F198C2CC0C306BE1E43288232877BCB222249DF252B9B05CE4B5933A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120006Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:28.872{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4DE968CB1EAB353C23C0DA8BD6A1B04,SHA256=8E194E7B8AD805730E73FC0DABCB2AC449A6B9FB4D6A7723C61F09A15A0B3487,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120005Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:28.106{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2E8825A15861C553C927B4BFC1E61053,SHA256=273C4F9E1FFFCB7E611E059A1F0E0EF2B83898A5A161236860A639B8D3BA38B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120008Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:29.903{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B13F28CC4ED566C6AEBE9C558C02EED7,SHA256=225C697309F2B995E310243ABF6CCD8AB09D50845B52408A51EE3F618806E87F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137141Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:29.976{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04ABC9AF189D448759ACE9E49284349E,SHA256=95C73B04F64FD51168ABF4F94234C364485087456A5E731EBEA7B6563B2298E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120007Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:27.616{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50550-false10.0.1.12-8000- 23542300x8000000000000000137142Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:30.976{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B19CEED028D469AD4AE0822D919D7909,SHA256=34E8C8CFF470F1E9F0F2E0A564FF5B87E7415DA1954834FD7404BACFACD72667,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137154Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.991{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=92E499E276E8168277FC22DF3326CC32,SHA256=B7A1C0942B397DA7DAF3226CFFD6F84B9AF484147219A500C0D7611776A7100D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120009Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:30.998{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=100E8D09E9550386B1019881585ED29B,SHA256=6C390A9FC7AA90D515BB01180B2DFF627D138D46BB053FA11A41A98E3687D6E4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137153Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.445{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-60C3-615D-B802-00000000FC01}5400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137152Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.445{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137151Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.445{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137150Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.445{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137149Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.445{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137148Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.445{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-60C3-615D-B802-00000000FC01}5400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137147Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.445{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-60C3-615D-B802-00000000FC01}5400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137146Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.258{6EDEAD03-60C3-615D-B802-00000000FC01}5400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000137145Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.163{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137144Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.163{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137143Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.163{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-503F-615D-0A00-00000000FC01}616C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a16d|C:\Windows\system32\lsasrv.dll+2704b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000120010Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:32.107{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3ED257F5EF669CE284D8423D1FA31F30,SHA256=CB854285923FECDDC8992382C474E7E09BECC8FA50C990903A7BF59B448B9BC3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137167Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.538{6EDEAD03-60C4-615D-B902-00000000FC01}54684720C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137166Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.320{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-60C4-615D-B902-00000000FC01}5468C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137165Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.320{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137164Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.320{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137163Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.320{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137162Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.320{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137161Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.304{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-60C4-615D-B902-00000000FC01}5468C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137160Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.304{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-60C4-615D-B902-00000000FC01}5468C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137159Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.133{6EDEAD03-60C4-615D-B902-00000000FC01}5468C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137158Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.288{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7B491CB7779896CBADD6D0B374032A65,SHA256=DA04E56CBB9A43D005924281095AAC65190FF69A459AD009C432BB06D5AD125C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137157Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.288{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=670DA25B8FC97A15E362572FFFAF8D39,SHA256=3E680F634D2788060F903797A8035AD37DF09B10935B86C881270E62DEB6E2C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137156Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.163{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=3F02BB4A8F71D872C238988C05D98512,SHA256=0D35CD6A3A23CA28FCB7431ABF8D449676CAC4A4FC6709DD4A342B00F6F3F14B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137155Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.163{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=B57C312F75F14FE213A69C0A0FBC7EBC,SHA256=6D25F6D65663595515597CE6A62C4660F0A4731A42FA7B09B58212031BF7878A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120011Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:33.123{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7ED2E21BC5D95D8795D68222488F4FE3,SHA256=E9ECA1B20D7551068477EAB8ECA5A135FE1C3652F8E7E30B0243BF3463F92336,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137179Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:33.413{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-60C5-615D-BA02-00000000FC01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137178Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:33.398{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137177Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:33.398{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137176Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:33.398{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137175Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:33.398{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137174Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:33.398{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-60C5-615D-BA02-00000000FC01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137173Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:33.398{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-60C5-615D-BA02-00000000FC01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137172Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:33.258{6EDEAD03-60C5-615D-BA02-00000000FC01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000137171Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:30.509{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruefalse10.0.1.14win-dc-676.attackrange.local64563-false8.248.139.254-80http 354300x8000000000000000137170Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:30.503{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61651- 354300x8000000000000000137169Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:30.492{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64562-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137168Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:33.007{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8FF2CC2BF8A9722C9F85CA471A03D329,SHA256=F764156CBA5EB1DE7D45A6141B84FBE187AF1B5E1957432C976830AD617D1CC5,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120013Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:32.648{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50551-false10.0.1.12-8000- 23542300x8000000000000000120012Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:34.295{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AC673A2E10CAFF36D0910D5C7BC664B,SHA256=941E8EB7393C3B09F5EC6F275570B72E90112481AD0169757EBBD597A5FBA159,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137190Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.741{6EDEAD03-60C6-615D-BB02-00000000FC01}49765648C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137189Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.601{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-60C6-615D-BB02-00000000FC01}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137188Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.601{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137187Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.601{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137186Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.601{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137185Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.601{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137184Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.601{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-60C6-615D-BB02-00000000FC01}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137183Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.601{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-60C6-615D-BB02-00000000FC01}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137182Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.477{6EDEAD03-60C6-615D-BB02-00000000FC01}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137181Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.257{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7B491CB7779896CBADD6D0B374032A65,SHA256=DA04E56CBB9A43D005924281095AAC65190FF69A459AD009C432BB06D5AD125C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137180Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.023{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AADA99F810579FE1F61E84EEA335EB93,SHA256=8CF3A2FDFC192592CAC09F40EB0E732F99C7FA225877E140DC87B02CC11D9265,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120014Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:35.326{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6C82AF8C3A3F5307E845295BA7E0ABC,SHA256=4DDAEEC60F87F291F4942F8E5FAA0EED46A3D08A8F0C7E9C7F3C2DBEB6ABB7DA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137215Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.960{6EDEAD03-60C7-615D-BD02-00000000FC01}53801584C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137214Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.773{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-60C7-615D-BD02-00000000FC01}5380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137213Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.773{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137212Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.773{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137211Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.773{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137210Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.773{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137209Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.773{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-60C7-615D-BD02-00000000FC01}5380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137208Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.773{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-60C7-615D-BD02-00000000FC01}5380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137207Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.775{6EDEAD03-60C7-615D-BD02-00000000FC01}5380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137206Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.585{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2852C6D351EC5988B3DA762B9DD20CEC,SHA256=31914F856FF3DAC5D0D6A610082DF8235E876FE9B2E09EFDD9B28D2937D4E86A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137205Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.507{6EDEAD03-60C7-615D-BC02-00000000FC01}53845388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137204Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.273{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-60C7-615D-BC02-00000000FC01}5384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137203Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.273{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137202Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.273{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137201Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.273{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137200Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.273{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137199Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.273{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-60C7-615D-BC02-00000000FC01}5384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137198Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.273{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-60C7-615D-BC02-00000000FC01}5384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137197Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.274{6EDEAD03-60C7-615D-BC02-00000000FC01}5384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000137196Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.759{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64564-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000137195Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.759{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64564-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000137194Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.425{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudpfalsefalse127.0.0.1-54103-false127.0.0.1-53domain 354300x8000000000000000137193Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.367{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-54103- 354300x8000000000000000137192Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.367{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetrue7f00:1:0:0:98d0:63de:83c2:ffff-54103-true7f00:1:0:0:0:0:0:0-53domain 23542300x8000000000000000137191Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.038{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24A05EA2990AB10B270D5CF9CE363490,SHA256=C4524EDC2A5B6FFC9E1BAF58EE9FFB6B411E375EEB31317F6161501698AA3295,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120015Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:36.435{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=457FA5D4DCF8AF557EABA7E178071B21,SHA256=C3733DB5C41D92877AF06FD3994EAA9B22E29024D2B1A4CD14781FEA76750A17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137217Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:36.788{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BAC09B1EC571372CDD66293A6AC41292,SHA256=03BBC4DA62901E2E5D78867DC002706508AEF754A9486127F19DDDF5AFE54741,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137216Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:36.040{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8EA091953F716836192C2289C639CEA1,SHA256=5C96819B7D40906CF5664E4BB62550D33C9266D630FFAB4458402E19A616C57F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120016Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:37.451{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A377295F29A04DBC9F460766016D8E6,SHA256=FB64E881F3F603987903BB28959BD1FE843629DC1DE365765D21C56114886168,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137226Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:37.742{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-60C9-615D-BE02-00000000FC01}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137225Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:37.742{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137224Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:37.742{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137223Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:37.742{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137222Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:37.742{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137221Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:37.742{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-60C9-615D-BE02-00000000FC01}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137220Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:37.742{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-60C9-615D-BE02-00000000FC01}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137219Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:37.742{6EDEAD03-60C9-615D-BE02-00000000FC01}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137218Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:37.070{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BC6E151B9F7D7C6253B85D0D37209BA,SHA256=F8B404C4C52714ACC28608E31BB35CC7FEB97D33C5A6CF2F6AB114766BE40B42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120017Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:38.466{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFC1FA379CEC497CBC039797554C75A7,SHA256=CDFFD326C4BC3F3E7E46C3B1BEC603D290C2CDAA236AE7C8056B789856A49479,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137228Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:38.788{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C12E83A13288D92D197E5DC10EA30A13,SHA256=A23203AF3C1E1F51A34D0E32C5D61CEE6ABDD0F9A4FF0AAB28FB97EBE8B1CD9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137227Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:38.101{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DED085DBA0F9ED5DC6660F1D47F157AF,SHA256=3A60957B74D5154D7499858A292D696DD95691E2F90128C3C2FFDB9352897790,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120018Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:39.482{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F49FE533E5B429DAE8D2CF1566C691B,SHA256=1955E82FF9EC1EA3E231007A60521E2D47A51A369A5DA697C77A2F0FD6E2AF2D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137230Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:36.477{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64565-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137229Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:39.101{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79CBF9F142668021D1898ABA2C0586C3,SHA256=A0461D36AA23D0CF826FA2BA8D80334393122FDF3EEFAEEF24BE06107876F90A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120020Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:40.497{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB9243DA2D1655F94A5588DE0A3A2B3D,SHA256=10997EBFF08639359DE338268B06E09D5633BF9C6AE01591672327F947ECA356,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137234Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:40.116{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD08E035C5D2EC0184087245DB7BE7FA,SHA256=B6B511359E4AD203EF31CEEC29D5BA57AFC535F1B51820A18CADC40A7BC22A86,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120019Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:37.680{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50552-false10.0.1.12-8000- 13241300x8000000000000000137233Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:39:40.101{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\8EFF07E0-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_8EFF07E0-0000-0000-0000-100000000000.XML 13241300x8000000000000000137232Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:39:40.101{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Config SourceDWORD (0x00000001) 13241300x8000000000000000137231Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:39:40.101{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_3921F692-FD43-40E6-838A-1597F7469C61.XML 23542300x8000000000000000120021Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:41.513{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=546D4709AA6FC4FE4D1A70A26BAD4D8E,SHA256=6455231A3E63729CBCEF62FAC9B6A9625FF9FAFF3863E392D980AE6A6F24FB1F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137242Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:39.451{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64568-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000137241Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:39.451{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64568-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000137240Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:39.445{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64567-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000137239Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:39.445{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64567-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000137238Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:39.431{6EDEAD03-5041-615D-0D00-00000000FC01}884C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64566-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 354300x8000000000000000137237Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:39.431{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64566-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 23542300x8000000000000000137236Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:41.132{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D59E9FCE42342C2883ACF61223460B99,SHA256=FCDCCFE8758FFC5B01A450484A0BB15D6F1D582B84E75AA8B7E960EC9A040932,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137235Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:41.132{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AFAE3E957673B9FFF88E1A9CAC53652,SHA256=858040D07AB74906B2FA22A2CFC98E1B254647FF7DE23B35B42B9CD16BAADFBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120022Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:42.528{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4952897C6052E4792F479E5A8C999932,SHA256=21ECFE0A61A9F4D14466396F1046C239D03EC12ECCBA84FF561F0D9407F9C9E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137243Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:42.163{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E0D9F95F373403CB206C7364F83A9F3,SHA256=0F01DDD4D10D2ECC6FD046169DDFC051A0B06DC9523E510FFEF5977F942FF870,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120023Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:43.544{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4EC3906B70789EC3010ED1730D7645B,SHA256=E3B430ED7432BBE729822674AAFF39452A6A7395612FBFE9F2AF3E39D7FF543A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137245Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:41.586{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64569-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137244Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:43.163{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E596B2C2E6ECF7D9588E1A865433555,SHA256=FA3B5C337B9505568D93B730FDC06EC58D94C96736A405AEB1F444E4CF9D9BD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120025Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:44.560{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B04375126E2538769C395EF7C1C448E,SHA256=2C907FC33497AA80D2EC922C0359083B0D22AF551992BE4FCAE390E4C2F78AD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137246Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:44.413{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C8EFE5D7D6D2F8D9E2D2101BBA2E561,SHA256=9061CAAA22DA7608A683B38DD6BA356C4025CFA4D6744A5B0664A4743288D9D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120024Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:44.263{49C67628-5044-615D-2200-00000000FD01}1580NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120027Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:45.575{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6829BB2A04086591F47F8DDCC3AA226D,SHA256=5CAB579F24F4118F7CAA0DACE81D97D975EC6C2439C19E41BF539D3143EA8C7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137247Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:45.429{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19E86FCF442A50B5CA451E660E055F7B,SHA256=9B29D213191549D5A82583014156663C5998D4FB91F1993C9151B780E5789FE4,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120026Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:42.725{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50553-false10.0.1.12-8000- 354300x8000000000000000120029Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:43.772{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50554-false10.0.1.12-8089- 23542300x8000000000000000120028Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:46.591{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=538723A41963FDD8ED351C7FA093AD3E,SHA256=3E2CBB71628A428EE3D3989E68C0FF98EDB0EEB1F1EC652E0E616D9003094682,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137248Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:46.445{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9BDFABB9F2548B61835CD93774A147D7,SHA256=4A41EFBA604AD3AD4DAB7A4E5F7379790A1EBA1B3BDCB0B214A40DA5D58845D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120030Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:47.606{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AAC612D7115380D869C1FD87678A7F0D,SHA256=40085D22CE16C8EF355EFCB37B07F44988EA24E34ED528C6CCEDA2C3233C172D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137249Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:47.445{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=735FE72D07D5368BA3F479B0CF836747,SHA256=C0325D3E00E64EC92511F11A6EA9DFE72CC5E82A48EF693010983C765C026110,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120031Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:48.622{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10ECAA6F0F0C612599CB51D197B811D9,SHA256=D985EB9841D309F536ABDFEC30FC77C9FF8D0E89C97B0468B155CA18FE03F793,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137250Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:48.460{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=966C9E72EADE2D7EB08D54357A7FCCA8,SHA256=25136D2BF62D20FC216703562AAD0071168A770AD294020D6003383873996085,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120032Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:49.637{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98960EB20197D0CCF21F940C413A625B,SHA256=513B35EA452436852335868E25B9E10E7189F32A9D9658D77C9ECBAB9F774D7A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137252Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:47.430{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64570-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137251Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:49.538{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA4ED835F4ECE22241B0342767F2D5E6,SHA256=4C1788BF918F9C555BE237CBDCB33C9C3A2A2C765AEBD6E00478C61124A8D621,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120033Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:50.644{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D97D9935D97910BD81238A58DE78335,SHA256=C8CF47CBA6FAA9DE3DBD7D9DC24AB055261991CB118F689EAF968D066D60784D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137253Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:50.559{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCFC404F427873AA32277732EC8720DB,SHA256=8C2F27BA0F78741B177B45CDD96C9A2FAB40D9474CE01BDF312F19FE314D487C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120035Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:48.710{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50555-false10.0.1.12-8000- 23542300x8000000000000000120034Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:51.659{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE67C8EDFAD9F829C70CE9601DE23B9A,SHA256=09A4EC8531ED0C6E8FE4453F0DB4E716D721BA64D34B374B57EB07C046D8D975,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137254Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:51.637{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=185E7F77BC51864EAD14705EC9E52D17,SHA256=BD7C9090BFFD7974D5035D213095845A3F5BC8D958641C0484C20F691758B306,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137255Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:52.653{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C86A3C2A23EAB64BE555F915BFA753E,SHA256=03FD8FD2E7AB74AD42689D768325C79C99AA6A56C92053CFB2A65427C0D0C63D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120036Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:52.675{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F4EA6977E5C7C7B761BC66C7D9AF4F9,SHA256=AE05C89661F192A5C3A48ABA4CDA19CE0B30ED6AF8D1C34A9687FF583A6AFF2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120037Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:53.690{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6490C275317D0496CEC9B52205BA6F8E,SHA256=09E300DE7E6B05F1B53748014C2295BFA29BCE6264EE5D4D38E76A75CEEAF5B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137256Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:53.669{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A93238B9DAEB58A19349B1BC0B9F13D,SHA256=7B669343617E83CB9ECA97E7FD4FC3F136AAEF363BCB5E3B7C6A6B5B083BDEFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120038Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:54.706{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B079A34AB53BBC33ED43C6FEF3B993A5,SHA256=89C87A704DBFFCFDAA0FDF284C49CC02C3EB8B82FC0FD6065771B87EB4A97818,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137258Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:54.684{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33C7F94DB2AF113DB2B41D7C2DB17D76,SHA256=6334E1B9FCE9DDDB31DAD90270E479E1302EDA5F8DEBF23B7CB187327978067F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137257Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:54.372{6EDEAD03-503F-615D-0B00-00000000FC01}624788C:\Windows\system32\lsass.exe{6EDEAD03-5024-615D-0100-00000000FC01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+2b3d4|C:\Windows\system32\lsasrv.dll+30929|C:\Windows\system32\lsasrv.dll+2e287|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+15ded|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x8000000000000000120040Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:55.721{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AF21922ACB26E75CA507C621186DC69,SHA256=EC219594F0814AF1B280A571230E156D8E58B5168D44F9C5BFE82DFA2B203A6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137261Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:55.716{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D0FBEB8BE94F675A6A24F9720498B95,SHA256=64742433CF326E941A7472F1F59C71651952B67BED6584A0890D2FDE41075873,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120039Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:55.458{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211006072910-068MD5=266A8C17E3E1B8A0B29A8C5E77CA200E,SHA256=01EFC44F32696762DC9319663F7889EF6AAFD7A8B30AE6A823FD17BD5EE43D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137260Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:55.294{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7AF28B017499FF192BB4573CB206FC8D,SHA256=3ABF2684F2A7F4249B2E18FBBEC8371724C0ACBA2958F326FDF319CAF7CF7F0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137259Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:55.294{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F919773185896B31A37155A5689A151D,SHA256=C4DAD3557212A5C07533AB590776BD82BCC74509D3C07BE6D7C03D7B83968759,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137269Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:56.747{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5196BB42435ACD244C55EB5A31E934D9,SHA256=05DBD9E7C3A1ABE0C3D955AB044682F3ED47AB1B01B834C569DF8D4CF7BF6B7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120043Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:56.734{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CC9B4B22D071A905ED70AAFFBCA4F70,SHA256=6A62E5937833BBB5789303C00A587844A9C12B5139AD781922736CA20F72E1B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120042Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:56.471{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211006072908-069MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120041Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:53.747{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50556-false10.0.1.12-8000- 354300x8000000000000000137268Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:53.704{6EDEAD03-5024-615D-0100-00000000FC01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64574-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 354300x8000000000000000137267Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:53.704{6EDEAD03-5024-615D-0100-00000000FC01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64574-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 354300x8000000000000000137266Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:53.602{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-676.attackrange.local64573-false10.0.1.14win-dc-676.attackrange.local389ldap 354300x8000000000000000137265Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:53.602{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64573-false10.0.1.14win-dc-676.attackrange.local389ldap 354300x8000000000000000137264Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:53.595{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64572-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000137263Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:53.595{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64572-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000137262Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:53.404{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64571-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137270Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:57.825{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D3DAC8492C47EF796E57E1D4CDC48A0,SHA256=D6A83E19106DE96E5435E437031A6AD1945A7C71D5018C4848D7B61B454C8C65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120044Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:57.737{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D5EB25769B3C66479E03FF08B0ABB16,SHA256=EF875333176D347DFB64F9B921D253D6BD717EDDAD0D26FFBAE13E8BE6C0B60A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137271Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:58.825{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BCA66B241609887A8A70CC9BF8189B6,SHA256=80C0FFBF18632E24ECFD53217B1FDA88FEB2754D007A4987C207F00B3F24A5EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120045Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:58.752{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EB7C60A8D5B13295D2AD0B205DC9132,SHA256=A1F79C5E77D7646F1A0326F79232FE78B311C78B83A5B38F408FDAFE9B9C08F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120046Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:59.752{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=03891C6877E2F48E11B78F3D1EEE2D64,SHA256=49C143293E6D941CAB0E2B3009B92212EC1C0F929C135F3E3B253AF1AB20C8C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137272Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:59.840{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B9A5149CCFA29A11A871F2780ED8975,SHA256=E75F3D94553E52D26A9FF5E5F3AE094DCA3050AFB68D756B58F58FC0A5468BD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137273Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:00.856{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8B8A6A4B7343D8E7FB6A569659AA9E7,SHA256=C345A3784A8259130AFD34B55703AB98F6A848D48CF65112632C570DE526C822,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120047Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:00.768{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25482AD42E647A64905CED3CDFD6C885,SHA256=C83A0FBC75740014F6F4D3A193F0DD4ACF041C9E7828C6966B93EB9125537D67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137275Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:01.887{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9C821603D028EA9A401D45E2E2A7268,SHA256=F16F69E9FCF72107C80D6BDDEED5C4BF532D509F3174812ACC5285F88EB58DA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120058Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:01.783{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E317ADB153DA0E9AD478CA79990560E,SHA256=8DF8026D363F224396444FD4E19816B330B49BA675EAA877ABBCF8899B3F0CA2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137274Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:59.404{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64575-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 13241300x8000000000000000120057Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000120056Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00418ba9) 13241300x8000000000000000120055Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7ba85-0x5e740540) 13241300x8000000000000000120054Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7ba8d-0xc0386d40) 13241300x8000000000000000120053Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7ba96-0x21fcd540) 13241300x8000000000000000120052Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000120051Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00418ba9) 13241300x8000000000000000120050Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7ba85-0x5e740540) 13241300x8000000000000000120049Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7ba8d-0xc0386d40) 13241300x8000000000000000120048Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7ba96-0x21fcd540) 23542300x8000000000000000137276Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:02.903{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AACE26097B2A93DCC684127A78C2576,SHA256=4D7306FE4FE1D3B75D3C776B696E921BC6FF3E21549CEEB41686A55C9CC31975,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120059Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:02.799{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1427AA7B687E61DC03EAA6F500A33725,SHA256=46C0B8D3283AD1ABED2C70CDA6731551DD939E7BFDE01A41B9388E75E834D706,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120061Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:03.986{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE85128AF6E8B084DF7B3C23DAB57412,SHA256=5427661C9C7B55C9B3AB49933D0D2DA855355A041EAA1EC5D3C37A337A13D30C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137277Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:03.903{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9040B824E8BECFE1077CD6B5C74858C,SHA256=85392AC32E4808E8ACCA7E78C0BE62FF4C088FE6E13ECAAF0495DE27C804C8E9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120060Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:59.637{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50557-false10.0.1.12-8000- 23542300x8000000000000000137278Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:04.919{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6A069DB35244DA5A5B27293FE64453C,SHA256=B09E60BF85C8BCD458A2814FBBD613A90B44544735899FC6BD2F9D7F205AA089,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137279Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:05.997{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB302E0149269D269DDD5E57BB462E64,SHA256=F8F65E2643D112E0D84EEDBC95B329376497400B2F8CD35952D104B44A952EA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120062Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:05.017{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=143FCA428376D68B4DE79A457D8DA2DA,SHA256=2B7DF0A623B0F279B09D31AA5CEA4F725A3E3DE31C15A79274B8BD17DAB9D7C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120063Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:06.220{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B086518F433A28BC50DCDE41A3DAF910,SHA256=EC84DAD0AFB50A618C52D9B396D124FA8B1268B8750C7B251B1BC6F125FBB386,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137283Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:04.529{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64576-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137282Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:06.402{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8D0D0F66E3EC14D9BA28C135A7A7A7E3,SHA256=37A2347BD4141144D190BB08414399E8EA2DDC0659099E9BD0F25BD2D4C9E692,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137281Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:06.402{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7AF28B017499FF192BB4573CB206FC8D,SHA256=3ABF2684F2A7F4249B2E18FBBEC8371724C0ACBA2958F326FDF319CAF7CF7F0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137280Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:06.186{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211006072921-068MD5=58D52BFFD80488B8005F7C319C2D4334,SHA256=B9D8441D1BC2ED8425146F5F211E2A21C477807F4E0B7EBAD9811C868FAB9279,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120064Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:07.252{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=958B9B8BD55CBDC55E73B83F2F97E293,SHA256=BB70B4F6022AA12395877BD34A2B5152810E86E8998DCC1DE3D4773101FEAFCD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137286Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:07.200{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211006072919-069MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137285Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:07.027{6EDEAD03-5041-615D-1100-00000000FC01}380NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=BF91ECC2634C872146E6940BA10994C3,SHA256=E9B4F6A6CF62EA2F06FF9232F923DFD852E94F88506B5EA4C7A752D86B6EDFA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137284Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:07.012{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4D7F17B357A1EA82814F8CB70619D00,SHA256=E1C1393205DD1A9C80A76A68816782A266C41F91A427F536C877C7238B86A6E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120067Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:08.752{49C67628-5043-615D-1200-00000000FD01}1012NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=BB52613F7B893B7BE894B4A001C017E8,SHA256=3AAAF040362BF091481B3A682B2B858EA3543EA200BF61615AFE261A71AF2576,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120066Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:08.439{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBDCF9AEDED923194585B69C0CFB78C7,SHA256=66DD44F7DD6A36C92E3F51CE44DC06146B481C156B1C1B38357350F4A567CCE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137287Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:08.015{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C75135DF9A76531464235ED9129B3FD5,SHA256=C144963EE60FF177D692ADA203B16920A7FE7E44009F3F8B0F61B75B71B5F381,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120065Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:05.684{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50558-false10.0.1.12-8000- 23542300x8000000000000000120068Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:09.502{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7DB0CD3598B0396842A8FB36D32253AF,SHA256=EE1C52C6ADBC457816FD1C0F20AA2393094921F7D4AD20076C53634D394440C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137288Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:09.031{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1C10551F32A7DC06AAFB725167034C2,SHA256=96F58E5071AE561BFB7AE74CA1936736621D2A9992A6A55F38F16A958CD0E4F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120069Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:10.535{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79EB1A8962041647F352ABC2CBA00D95,SHA256=1632F9F4C50644F2B3DAD962582AB58E361D747F21978B5C2160400E7582B743,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137289Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:10.109{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10939A174B1AF57E900B1B5EEDE18479,SHA256=2E4DD65AE5EEC17C4A262D0D932C03669F61A74703E3FC81C985F2F82AEA419D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120070Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:11.566{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94C095285C7353FF7DBD46D901CE9E00,SHA256=0D2B0EB2A9D48E13018F4E00E0970444F36AE6F2E319765DB376CB1B4C167776,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137290Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:11.122{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=278520602A7CC241B74D00C00C9A7C80,SHA256=163CBE43F9F75E67A37C873FA2ED31F6511E3898352D71ACF497902E615551B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120071Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:12.675{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66BB181B0484E06481EE3418268D405C,SHA256=18A6EC0710E52A550E134492D1AEFD637BF8D5E1A5507364A276AB78F0F38C6A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137292Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:10.389{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64577-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137291Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:12.153{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C53E85A1C664A9701AE9F534E574A7FE,SHA256=69E99B019B3448F0E1C2B951093B7F7C6C16C5B4F806F815B2A9141807935BBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120073Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:13.722{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5BF000679CC9CA21269783581685532B,SHA256=C3AAC4EEDEB55BB940B34CA85A4E64AB04BF03F667C301261ED26FF4DF92457D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137293Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:13.169{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3886F36726CE45E559D44C5D79ABCBD0,SHA256=3DD2B091E8F432CC40B286B040D51845FA2BBCB67FD600D97BC9EC44AEA3409B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120072Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:10.716{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50559-false10.0.1.12-8000- 23542300x8000000000000000120075Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:14.753{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07AD4B5D4095ABB8C529CE21B1DDEC69,SHA256=4FF1B0A428F61D5C30E54556E62D9412D7F510FFBDC055DE85720CD4E0FC3638,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137294Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:14.184{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CCE51E0DA96A94761552910EB25A647,SHA256=97BDEE9A374FDF5A4C988E0B7111E438CA38B6EEC6B8F02529655F1E2C4A7EEE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120074Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:12.671{49C67628-5043-615D-1000-00000000FD01}936C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse193.118.53.210zl-ams-nl-gp3-wk103.internet-census.org55528-false10.0.1.15win-host-340.eu-central-1.compute.internal3389ms-wbt-server 23542300x8000000000000000120076Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:15.956{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D4EBBCA74A46AC2A388A792914B14A78,SHA256=3EF1A80A8A83C22FB3D1955FC732CC554C1E8C28926EC48F561262ED95F4C904,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137296Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:13.966{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.15-64984- 23542300x8000000000000000137295Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:15.263{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7884A3EE8C57AD2C0AB10082657CDA9,SHA256=0685099CF352472D8EF8BAEE1AFF13349F42DAFC2EAB00A779CE9CBDFB87649A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120079Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:16.988{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53603305649B7DF7DB5542AC0AB96288,SHA256=FC873EAA460DB6FFF04C5F33A3A119D8CB71820ED9F28166D63E32A3E6A29DCA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137297Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:16.356{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=079AE3B6B38E986A8E69A65369E32526,SHA256=2A8860ADFE04BEBEAB3B3D62F3D935CA48F55D7DBDEB9A90190ADC60649C66C6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120078Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:14.062{49C67628-5043-615D-1700-00000000FD01}1244C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudpfalsefalse10.0.1.15win-host-340.eu-central-1.compute.internal64984-false10.0.1.14-53domain 354300x8000000000000000120077Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:14.060{49C67628-5043-615D-1700-00000000FD01}1244C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruea00:10f:0:0:9860:9a8d:b80:ffff-64984-truea00:10e:0:0:0:0:0:0-53domain 23542300x8000000000000000137298Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:17.372{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFDD3BF27EB12CE3093B2C5B250599C4,SHA256=948E315D30ED8502327DD2E0393BB2546DE73495A223841C065B42E9922EF5C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137301Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:18.919{6EDEAD03-504E-615D-3000-00000000FC01}2448NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137300Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:18.387{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8ED07002BE722318B7088F408B4FA78,SHA256=DB61A459CDC7A0F05A4C0933F0A6FE66B611D3B9ABB61DFB233768DCB4FF25A6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120081Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:16.638{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50560-false10.0.1.12-8000- 23542300x8000000000000000120080Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:18.003{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3F08E04FA4439382D94868271079049,SHA256=E73DD290B4FD73C355D1E73890175D01E548D2FEA0A8636FF98D201D35D18C96,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137299Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:15.529{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64578-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137302Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:19.387{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EFBB3429C4B9094F8945D019F08EBD7,SHA256=D1D3304DA3EB95B08AAF4665CFE85947B55F0D3F06A608A79D22D146CAE0FF4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120082Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:19.019{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBAD60C5234F6FC28ABBC4B37DBFE8D5,SHA256=1D8CFDF3C956A8BE572A77BEFAAC2B6237440FDB72C2BB4A76DF85150628E1CE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137304Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:18.232{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64579-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000137303Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:20.419{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA4BCA12064548B61C8B7A0CD6E00F63,SHA256=E9B09A9E56715CCBE5AA77771F409B77C7095F6394513F3C8E095B17989FED64,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120110Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60F4-615D-8802-00000000FD01}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120109Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120108Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120107Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120106Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120105Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120104Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120103Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120102Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120101Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120100Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-60F4-615D-8802-00000000FD01}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120099Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60F4-615D-8802-00000000FD01}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120098Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.832{49C67628-60F4-615D-8802-00000000FD01}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000120097Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.300{49C67628-60F4-615D-8702-00000000FD01}27203840C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120096Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60F4-615D-8702-00000000FD01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120095Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120094Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120093Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120092Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120091Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120090Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120089Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120088Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120087Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120086Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-60F4-615D-8702-00000000FD01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120085Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60F4-615D-8702-00000000FD01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120084Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.160{49C67628-60F4-615D-8702-00000000FD01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120083Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.034{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF29DD7D7035BE965DE9AAE38C017D29,SHA256=A2C9F3DCF93B13ACEE21634046C3AC3F3346337FF64BE28EC764F414A7C9E5B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120113Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:21.300{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E09AD8374CBE6A3BCA84139385653655,SHA256=B4FBC0E41A0BC3F0DEAC2813526806A548E0038EC907AA200DAF200704E7EFCD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120112Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:21.300{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F69CAF9A665F01D43ED8BF414013D3D9,SHA256=AE87B7264F3ED4936A1F0F9280E60EF5DCB86659DE63534E1950375CCE561610,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120111Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:21.300{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2AA4FE22E756FD165721AC1BE29B480,SHA256=227A2B84EEC0A4FE6D463C3DC63FFB147E26439E5DFE89DC6CE908C69B8ABBBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137305Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:21.450{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5542A9A3E5EEE68101A85ED6E26DA434,SHA256=39E183007E8750A65E652811AE3E2C40583CA1B882D828DA7D796F1AA4D020DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137306Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:22.466{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DB1E98E0C7169C272AEF1ACCD6EA3DD,SHA256=DA273E8129B3CD6D20956AB92936C61FCD89E3B1E018F2EC5147C506E5DCF542,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120127Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.534{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1CF4F138FA6FA3C6DBBF14821C75079F,SHA256=4347EC401F1B6CB27829CA8DB33933E1172C5EFF6880984CC836A14CE0BF5523,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120126Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60F6-615D-8902-00000000FD01}1136C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120125Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120124Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120123Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120122Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120121Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120120Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120119Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120118Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120117Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120116Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-60F6-615D-8902-00000000FD01}1136C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120115Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60F6-615D-8902-00000000FD01}1136C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120114Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.285{49C67628-60F6-615D-8902-00000000FD01}1136C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137307Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:23.481{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AB6A2F58E568163AD29357EF1A15DDE,SHA256=A3E392D6BE22D2FE77EAA2EBD880A96518AEC0D0F0DA1383FA6811267293886F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120143Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.565{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8E1930E01197347A9E0AACD12FE6D0D,SHA256=79FC30E54346C54F93481140693B37EDE6A5D7140F91094659128E916AC65FC1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120142Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.534{49C67628-60F7-615D-8A02-00000000FD01}1928932C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120141Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60F7-615D-8A02-00000000FD01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120140Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120139Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120138Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120137Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120136Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120135Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120134Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120133Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120132Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120131Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-60F7-615D-8A02-00000000FD01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120130Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60F7-615D-8A02-00000000FD01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120129Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.394{49C67628-60F7-615D-8A02-00000000FD01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120128Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.315{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E09AD8374CBE6A3BCA84139385653655,SHA256=B4FBC0E41A0BC3F0DEAC2813526806A548E0038EC907AA200DAF200704E7EFCD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137309Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:24.544{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E9D0F1910FCE6F4F5B217564F655F47,SHA256=03E69C3E17BB111EBBCE64AC4F98ACB3C1FD49AE7C1578FCFA3A3378C548101D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120172Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60F8-615D-8C02-00000000FD01}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120171Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120170Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120169Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120168Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120167Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120166Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120165Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120164Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120163Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120162Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-60F8-615D-8C02-00000000FD01}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120161Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60F8-615D-8C02-00000000FD01}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120160Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.972{49C67628-60F8-615D-8C02-00000000FD01}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120159Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.581{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB8B6AE9B4573E5B9B1CEE3931E8C198,SHA256=ABF348A65BD01352F160C67893C7DC158027DB0B5CC8036851866CADD1924F3E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137308Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:21.482{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64580-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120158Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.440{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=42A241D160DEB89D60A4DC91FF1D96EF,SHA256=8F14042ABF89DBE1F8DA51B7B447864BBD9A9E635DA5D7847D95F2E782357A68,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120157Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.440{49C67628-60F8-615D-8B02-00000000FD01}100696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120156Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60F8-615D-8B02-00000000FD01}100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120155Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120154Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120153Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120152Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120151Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120150Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120149Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120148Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120147Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120146Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-60F8-615D-8B02-00000000FD01}100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120145Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60F8-615D-8B02-00000000FD01}100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120144Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-60F8-615D-8B02-00000000FD01}100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120175Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:25.581{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1BDDD38D96B8630369DD66B2CB02343D,SHA256=FAE3CF3D8ABD5615A889F5AA22AD611F0E87F2B74845344BBFF5222C94DE8154,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137310Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:25.559{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66D894A8970364C78893380E9260F3E7,SHA256=19075C64A2233E5A88080D43D4400B3A4D76F0A6F2214E6C459F78A04D55D27B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120174Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.622{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50561-false10.0.1.12-8000- 10341000x8000000000000000120173Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:25.112{49C67628-60F8-615D-8C02-00000000FD01}768920C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120190Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60FA-615D-8D02-00000000FD01}2540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120189Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120188Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120187Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120186Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120185Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120184Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120183Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120182Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120181Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120180Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-60FA-615D-8D02-00000000FD01}2540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120179Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60FA-615D-8D02-00000000FD01}2540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120178Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.988{49C67628-60FA-615D-8D02-00000000FD01}2540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120177Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.596{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73CFA8C2741EA373DC0C3F2FCA9C448F,SHA256=73DCBBC2D22463D05F58F8419B7CB708E55D59E2B51D3E9C8F1D2452CC255054,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137311Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:26.575{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1C6F422710E0A1B5800697E07B31087,SHA256=5A76914D879AF30D2B789F33D35DCAC916FB513D2E5FC9CB250FC21B0B55B97D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120176Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.003{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FE6099BBEA76F5E1B8CA1C7247E7EA61,SHA256=888023DC4AFD3D14A600308FDC92407FB7945AD32C881C601280F9EBF5AB128C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137312Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:27.591{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5DC01C31AACFD70BC414EFF816B490A6,SHA256=9D64957E0515763451557818323243F67CAF041A412661D37E7D876092A463B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120191Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:27.597{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A91BF8CFC814C59960B2014DD3EB76A,SHA256=8DB04316C9556D2ECBDD195D0F21B55F7CAC497B0AB2C7911BBA53FEFA309CCD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137313Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:28.606{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17A11C25274B764593513C3CBF1D42DE,SHA256=FFD77E154A0FE9DE6FB504D43B9442EB6455F8FE6DFDDC80E991E9EB43002DE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120193Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:28.597{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52535491D8A39977FE6CDACC8161AAB5,SHA256=C6D99DE428CF256C53C2B9A535CEF47984E4FA6516904B1038610020C625C419,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120192Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:28.222{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D89F299BBE4762711959985C6B644ADB,SHA256=52336A81B77D7960765CA0D064B80C1AFD707C69D7B11037C3CA74DB59F9AA98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120194Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:29.598{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8F426F24520E953B3F32D2279071D9F,SHA256=11551CA6B07D39EDD7A9E52EC7FAD0CEA0F1CFE6F1657D186DA4BE6617BE41B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137314Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:29.622{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=461486462A33DACE441D1B378C734DBD,SHA256=F7865B0211F6F18150827E3222928BBA107CDBC17398A1C7E84201F3C91B0675,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120196Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:30.628{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=322390A6E9461C82F0641CC9244DBEB3,SHA256=758A6330EA0052978D67DDC052EC416D86FD2CD376E90A29A2CDB40A48E44560,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137316Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:30.652{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5265ABDC301DF8CB99DFA5A0FFB94102,SHA256=D4F16A89434481A23BFCF9915CF92549BCC63144874A55E3847DD7748DFC73A8,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120195Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:28.607{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50562-false10.0.1.12-8000- 354300x8000000000000000137315Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:27.467{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64581-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120197Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:31.629{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CE8BB0952DB75B1C24676015C923D90,SHA256=60F5170F4146BD486E492683A0A3FF24B31F146B0092708F23D50075FAF09DEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137325Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:31.684{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E6AF2BAA69C6521EC84E96451BE679C,SHA256=D978234A93BEF5944AFCE254866C90FF5DC4B354B6981B206732D5262BCA6BEB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137324Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:31.262{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-60FF-615D-BF02-00000000FC01}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137323Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:31.262{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137322Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:31.262{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137321Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:31.262{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137320Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:31.262{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137319Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:31.262{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-60FF-615D-BF02-00000000FC01}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137318Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:31.262{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-60FF-615D-BF02-00000000FC01}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137317Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:31.262{6EDEAD03-60FF-615D-BF02-00000000FC01}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137337Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.730{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B6355E58DFA172AC6CC7E397BCF60AD,SHA256=3CAB4A8CCC404B12A7962A734EF56061FE06305D4896676D1F4659394B1D42F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120198Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:32.676{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE9DB545A2C3F1B4EFFD6D683A217349,SHA256=B2C60431291D16E47A2D5A82A00F1FAF5996DF88C1C4461D3D9597A6EC21E916,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137336Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.449{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=04611D981A16ADA39EEF2250B0FA6385,SHA256=10DB9AE8E594128A973124133566970EC0EB23D08E562AFB3531C9E6953C9C06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137335Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.449{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8D0D0F66E3EC14D9BA28C135A7A7A7E3,SHA256=37A2347BD4141144D190BB08414399E8EA2DDC0659099E9BD0F25BD2D4C9E692,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137334Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.324{6EDEAD03-6100-615D-C002-00000000FC01}51242904C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137333Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.137{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6100-615D-C002-00000000FC01}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137332Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.137{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137331Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.137{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137330Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.137{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137329Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.137{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137328Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.137{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-6100-615D-C002-00000000FC01}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137327Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.137{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6100-615D-C002-00000000FC01}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137326Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.137{6EDEAD03-6100-615D-C002-00000000FC01}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120199Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:33.676{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA3661114A5FC5D8434B7568D3075E08,SHA256=CF7A438826BA52EC0DE41EDE1B36946FB110C2B3AB40CDA6363A4538DD60F44D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137346Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.746{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C94E156F3577FC4AC64B34CBBEC980EE,SHA256=CE2A95494F52D203D68891973EA44C28660C3000F0F8C361A85EF60F0EC9ABB2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137345Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.262{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6101-615D-C102-00000000FC01}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137344Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.262{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137343Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.262{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137342Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.262{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137341Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.262{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137340Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.262{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-6101-615D-C102-00000000FC01}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137339Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.262{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6101-615D-C102-00000000FC01}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137338Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.262{6EDEAD03-6101-615D-C102-00000000FC01}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120200Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:34.677{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C07EA8A6E4569827A4D715CCE2B615F5,SHA256=8E002A5E586B561216C4E6044E0B4FE448EB6A8DF914830E455EB20BE48B9C24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137357Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.762{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=893D4C02238C82659B330B4CADF79710,SHA256=831A401C8D607ED4E2113522FA00C70C3F8E2DCA3F196DD294BAF9281075AB8D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137356Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.668{6EDEAD03-6102-615D-C202-00000000FC01}39765800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000137355Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.496{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=04611D981A16ADA39EEF2250B0FA6385,SHA256=10DB9AE8E594128A973124133566970EC0EB23D08E562AFB3531C9E6953C9C06,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137354Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.496{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6102-615D-C202-00000000FC01}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137353Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.496{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137352Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.496{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137351Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.496{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137350Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.496{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137349Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.496{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-6102-615D-C202-00000000FC01}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137348Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.496{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6102-615D-C202-00000000FC01}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137347Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.497{6EDEAD03-6102-615D-C202-00000000FC01}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120201Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:35.771{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9BF44744C6285C0653248CB1213E2C0C,SHA256=A5911AFA561E5CAEDF424B23B3FEEA9C00D61361A1699235367EDEA1F0D33A63,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137378Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.840{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6103-615D-C402-00000000FC01}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137377Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.840{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137376Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.840{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137375Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.840{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137374Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.840{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137373Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.840{6EDEAD03-503F-615D-0500-00000000FC01}408524C:\Windows\system32\csrss.exe{6EDEAD03-6103-615D-C402-00000000FC01}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137372Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.840{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6103-615D-C402-00000000FC01}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137371Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.841{6EDEAD03-6103-615D-C402-00000000FC01}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137370Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.762{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1953EC86E22310EC7AE5EBC5E38311B8,SHA256=FD7AC34F84436B45F7386056EE7C78DBF31BB2F669C1E1A83DD98677FE2E6F23,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137369Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.763{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64582-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000137368Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.763{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64582-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x8000000000000000137367Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.496{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8746170761A3822A8F82BC031EA6B4AD,SHA256=BE75CD277EBA8A2BC42A5856CD9ADCBDF609E487F36B5BF079E5A78FFF4B7486,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137366Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.324{6EDEAD03-6103-615D-C302-00000000FC01}55764208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137365Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.168{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6103-615D-C302-00000000FC01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137364Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.168{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137363Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.168{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137362Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.168{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137361Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.168{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137360Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.168{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-6103-615D-C302-00000000FC01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137359Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.168{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6103-615D-C302-00000000FC01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137358Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.169{6EDEAD03-6103-615D-C302-00000000FC01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137382Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:36.855{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C2C480A94E4AFB28AE8930F8AEC3FB07,SHA256=784DCC936107AAE17EA95966C7C8DA4D822C9B34B2AE51B8E2F97EF42F13BFC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137381Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:36.777{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B12523597CF4A8A2D3B61FC4A62FC7D,SHA256=3F1CA355D55DFCD4B9EE2F65EB6EAA283C9A30CBDBB8B2B917F10DA0D5430854,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137380Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.481{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64583-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000120202Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:33.655{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50563-false10.0.1.12-8000- 10341000x8000000000000000137379Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:36.027{6EDEAD03-6103-615D-C402-00000000FC01}43561008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000137391Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:37.777{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDD70CA399F9C90E6487F7D22CEF07C1,SHA256=5E615BF841E14DD963BE16F3EB29C3245E2AF25C133673D6B6E6DF672FDDEB98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120203Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:37.006{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C1A8FDF5E46AEA570122266E15A22B2,SHA256=6C183805D8CA5C62C45C91D27DBDB9855FADE542193BC62B10C09CFCA606B2D3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137390Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:37.762{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6105-615D-C502-00000000FC01}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137389Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:37.762{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137388Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:37.762{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137387Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:37.762{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137386Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:37.762{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137385Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:37.762{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-6105-615D-C502-00000000FC01}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137384Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:37.762{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6105-615D-C502-00000000FC01}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137383Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:37.762{6EDEAD03-6105-615D-C502-00000000FC01}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120204Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:38.147{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD2501541CEC31735AF4EAEDAD934423,SHA256=35B5865C93CAB6ADFA35DB81F78133A66237C0CA28983567F1DC54EFD76A9EFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137392Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:38.793{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E1C5E14CCCAC15F02848D1F25B377CCB,SHA256=80DC0D99F00EA4A15B543B7FEFDBFEFC30BFB40B84D308D638A196A00A825A87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120205Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:39.148{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76EDF500847D6D0E26ED51438F6A9D1D,SHA256=264F1573854D686B561EAB6FDA75B1FA867FAA27A9CA10D1551DF00735D49F4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137393Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:39.012{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94DBE9CE92B5D5A8A6E2F46038B34B9B,SHA256=9A62F09405CDFFF0C364670723F5AF6183747974A8A8D46302CC63267CCE4568,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137395Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:38.575{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64584-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137394Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:40.027{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90F595C63F7908D20B12148474974D94,SHA256=2A07696B53AB8E113A254CB40A7874A115F7E30141C145C70F38A8098560A20F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120206Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:40.148{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DA52E5C1C4ACA4F20862ECA44FC1564,SHA256=4A861A8041BD965FAC8B06CDA9582C2CAD3945AEADBBA8A0C5F6C4018DD84378,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137396Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:41.059{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E70B177187C5F9DC1512457F0096C46,SHA256=13180BEB86EEECA9042215B1428690645C8CA355C7ED02FD7849EF1A79FFF704,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120208Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:38.689{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50564-false10.0.1.12-8000- 23542300x8000000000000000120207Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:41.164{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9A922738937108C85415DB9CEB299A6,SHA256=851B563C052C42375239B7DBB3D62DE9342F2586995B2AECEAE020A7519E8603,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137397Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:42.090{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA8FAC4D6C6150D0FD77929B248D574F,SHA256=CF67EDBE3A5568645673DA8A9088406187C517A29A99C073B8CBD6245808DF31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120209Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:42.165{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E35D26EB435C2B49B73B93AE7F25767,SHA256=EF4BA35DD22292E5E09B68C761D46CB6E956104734C0A0C08B470BF9937EE534,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120210Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:43.400{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B01F9FC78AE4A0473D9F19D8BE61F1F9,SHA256=B084B6B0BDD9C52063BB0C62A961B9EE735B7950F2E6EAEB282BE16436475237,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137398Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:43.168{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8A8095770CED818E27303C04CFC4501,SHA256=2A94531596F2FEDE9CBCDD14C0A8945A127DB28846A99E47EAA9DF7408445EF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120212Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:44.431{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CDD16F146F1954316DFD109D29E396F,SHA256=DE28433F64380DC458F5A8B5180FE106385BDDF8F074701F6196917EEF643E5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137399Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:44.184{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74AB87C24AE49F2FAA2F713974DC3529,SHA256=66DD4A2A25DF05F295BE0A4C9EC3E90882AA31EE0EE2648149AD211630B475CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120211Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:44.291{49C67628-5044-615D-2200-00000000FD01}1580NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120214Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:43.800{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50565-false10.0.1.12-8089- 23542300x8000000000000000120213Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:45.494{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7542E72EEB0D67559C0CB5269093A118,SHA256=7E06D7F40CF6B5852BC94F5E4DFC04440E4172D33843B2790924C7BAB0C5872F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137400Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:45.199{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC245D5B2DD7B0C2082BA7B3E69EA7EC,SHA256=CFA0BC619D794754E6A7C68231220BE08D5E159F1DE073BC691D869284CC9C65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120215Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:46.526{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3B465BFBD6FD06E9E92DAFB28BDD567,SHA256=679810F15EAC11407B12E4B12CDC33B145CDB0154CCAA862695EB177BB2430B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137401Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:46.215{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D419281C6737C3091A807E11A349B838,SHA256=0FD3F62889791BF09CCBC4ECA1D7A6A874C3E53325757FAE69D93CFB48B10922,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120217Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:44.582{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50566-false10.0.1.12-8000- 23542300x8000000000000000120216Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:47.605{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F06F35B5ACD01C553FDC8CE217CCFA7,SHA256=5F581CBF9B3B734E8466F5344AA9DD84D482577B7FC0E95447CE8F7DB3B570AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137402Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:47.246{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19DB93108A600B2E24FDC62A2286351B,SHA256=4AC9094DC5C752ED02308DA0804973C620D52919A23380F3DA57AAFF3A079745,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120218Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:48.621{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6EF356F6A55329E03DF8CDD4AEB4D0A,SHA256=8952BB387B3C37BCA073871E7A15876E3CB8D52D36BEB7AF45C1766060EE4CB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137404Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:48.324{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F0697A2FBC943F980125EB5B71E6651,SHA256=9E31416E6E30A5D4AB113BA477F3881667A2D0A3A051CC380E9AEB8C3BCB5DCB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137403Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:44.497{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64585-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120219Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:49.621{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36A8995B3E420C6A9C1F040FAF983E2D,SHA256=C9F77164FD9028ECEBC28F52039FA1C5DF6CED3426D2D87D0C1EC3D67AABE269,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137405Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:49.418{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9851A534842AB5B7BEFFD7B89EB825CE,SHA256=BFF711F555EDAE5DFB6285C690406FD400CAFA32F227C4F77372124EF9EBA12A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120220Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:50.757{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDB5C427FF01862CC98576A4B5607029,SHA256=4FFFDCE9061A158CFC16DAC226E97C7B625D8EBA9C5D70FF1685C6EBAB2FD1D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137406Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:50.422{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4165C46741627B8174F9CC394A51B7D7,SHA256=2A8F1B8E08D20D32115AA4E3604B37D51AF17E5ECED2E9662799C4EF155F0699,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120221Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:51.788{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B89B3B010A402139DCBCA76D4E0F383,SHA256=2BFC4D041F5BFD0BCD4C2111A7B0911226EC01698B748171CC3A28313A92123A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137407Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:51.438{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE831F0A55453F2E2A70595EB71DC6E9,SHA256=8EA337A56AA51C053578283F4C0CA9631B03075D78167D30C8B121EA654A383C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120223Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:50.595{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50567-false10.0.1.12-8000- 23542300x8000000000000000120222Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:52.835{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=707B115653375161F105D513998DE8DD,SHA256=88CF140B3A804DF808409DDC16473CA401FBFAE558BEA4A22AEA7E2D2734BCCA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137409Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:52.500{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34C3230F10AF8290C9EA065362BE02EB,SHA256=70F1429A7B6EB6AF63EDBB6232CE7512E6E25C7769F9E01C77450CFBA198C4F8,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137408Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:49.591{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64586-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137410Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:53.531{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5018B3F6D711D4FAD3CB8462F1A314F,SHA256=9DBD6BEF2C2D83C2973E166D5CEC07E9B006BA913DD1CFF7764E441822B983C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137411Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:54.547{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8F6B8A996510C1B6F3E4D012BE2F1E4,SHA256=BA590002A8184751D68A6170187B6752224F3F1F1CE6B9192B8806244D112C95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120224Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:54.069{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D12B885C5DB10AA9C5E1602DB496E114,SHA256=90AFBFA4D68A49AAF1C09A6EB4D18B251016512207543BCFC8E0E644875631E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137412Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:55.563{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DD9E508D47E2B23CDC90CF4B4F9FA31,SHA256=09FBED47DBCF96428546C64AFADF1C04CEC23827CDCF5C043A8344C933649875,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120225Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:55.210{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF359B3DCAAF39DC7B7F9CACE929E066,SHA256=A477BD2BF9447F3007B578F894EE42111EEDA9982B7C518E53717FCF3A546EB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137413Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:56.641{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7A16FF67EE74F4275DFDDFCA62A1B42,SHA256=83905EFF5FFF9AE2966EF55B4E0B3B3E32A65FC1FBAA34A8E502039409495E0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120227Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:56.995{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211006072910-069MD5=266A8C17E3E1B8A0B29A8C5E77CA200E,SHA256=01EFC44F32696762DC9319663F7889EF6AAFD7A8B30AE6A823FD17BD5EE43D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120226Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:56.304{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E9D60A7B56BB398D62DC9729FCEEC8A,SHA256=DAEEA8846562A8F949B40695EFDDD1DCA29EAAE94F2C6EF2407686D270E6030F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137414Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:57.656{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5D0AF9DB2E021F5752EB702895DED3C,SHA256=03951AE7B3C9BFA321D7C0F1C9AD9A112AB5AD5F4CC516B4D9F7D9039D2A5B66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120228Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:57.505{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75A673595E3990FFE1475DC8DF81557E,SHA256=E59CE0386008C953F1E07EBB37B3A4D73D180DA26886F32E1E8F460DCBE0D833,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120231Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:55.657{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50568-false10.0.1.12-8000- 23542300x8000000000000000120230Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:58.530{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77C8CDCFAADA70009E4A7AA3BC663140,SHA256=836E04AFCD67C7A0575FFBDB6E9703C2C6CFB8E48C95AD04F4535E8286A89A14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137416Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:58.688{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82BF2354F7C641B1E917A6BFAADDD379,SHA256=3D599C2CB1EB4DBD3161B012CCEC06C27F483A9E28DDD385271FFDBCDD26AF55,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137415Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:55.360{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64587-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120229Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:58.006{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211006072908-070MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120232Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:59.655{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B12DC2002A1A32FF8F859F683AD61B7A,SHA256=13E3CC4C592F848142617593CFA530A8EA9C2429AE1DF6D37DE32F4BF024F0C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137417Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:59.719{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D22F0A4B09B2A284E395D6BF2316B1C9,SHA256=3709D63D3699A7F721A49EEE131025CF5F405BDFE24784ED0D3F9085CF4F88BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120233Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:00.780{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C0D48ED89F1B5D91C193C995925B065,SHA256=0FD2650DBDED7FBD8F978B9D7582913768E428B6D84C41698A5DBE22B565CD2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137418Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:00.735{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=755E249CEA522F1781F2329469F37498,SHA256=78A0462FC8C3030C95B13A7F5B53F1225A7FCB738CBB93D252CA4F3CB3CF8422,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120234Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:01.796{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=745A4EB5712D4E34966BE4AC0B7A6380,SHA256=FE22A22506CEEF58B27299593E7AB45F15DAA16549D860C908D29F48B79CCFBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137419Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:01.797{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21DF16F8CB8A16CF0CBD35DFB0E3E06E,SHA256=D27EB23DDCE50FAF779D51AFA01428A59F1FAD7FFE4A026CBC653428ABAE1B8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120235Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:02.889{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76F66E90380F607C54766E76D0E1FCF2,SHA256=3730458EBC2E7333A1E591FFB9C1B4B7FFA81C1101ECBC2195C32573E977BF05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137420Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:02.875{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5497A6DCDD15BFEC3FF785A6BD7A774A,SHA256=867A4956FE362D963B390A7A71214AECC70A34500DADC81A33FAB52614949F6F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120237Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:01.680{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50569-false10.0.1.12-8000- 23542300x8000000000000000120236Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:03.967{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C129B078E8FC95F6D134B3FE7FF159DE,SHA256=F3F0AB928BA0CCE13772BFDF5F450B5EE470492D9F956961617293447A01D7EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137422Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:03.891{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8042B8E2B78427F61563B4A6C9017D7,SHA256=54943871D9BBDF569B04990998E148F61A48B3CFEB1D06AEA779B65BE5BF4C09,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137421Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:00.517{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64588-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137423Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:04.922{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=268BF175CE12F5FF194A52BDADF77FA8,SHA256=612244F954246FDB8F2C705329D619C831F0FD10323B82B70BEFAEC1241C28E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137424Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:05.969{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=229F9D1F3D4E2DE031221355539882F6,SHA256=A64F5516D55E3F09752B7B77125A9708D9A99EB15D07E1DFB6A92B64A01619C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120238Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:05.030{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD1F0E46665DA4A495FDB6F219B47648,SHA256=C1DF97C3658E7AD743AE6D8D64A0803B97890D4E0196BF433658F2C70A073F6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137425Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:06.985{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85C47A448D95DF35A6D85A56F3C43DA7,SHA256=3244ABCA9BD634E0E4E3359655D8941530FC90DB516EF9B97CC1905ADF84DA2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120239Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:06.124{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=402747D6FBA473E929261C64FA198106,SHA256=0405599169F60B3CA15EB3236901B7E75954DF3546F18D57444064AC85A8D833,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137429Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:07.985{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71AD5D09CC6A26A21A0F31A5177F80CB,SHA256=FF264ADD85FD54D31E04C1F1C540D79A0915FC27C0A2279CEBE011910E0D6609,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120240Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:07.155{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C9E6AD5DD5472C0879B7C61B3170C0C,SHA256=2D7A81ED44D2BF78E65C61833B46EB9B75094FD9A1E4AEA260917032AF15E8DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137428Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:07.722{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211006072921-069MD5=58D52BFFD80488B8005F7C319C2D4334,SHA256=B9D8441D1BC2ED8425146F5F211E2A21C477807F4E0B7EBAD9811C868FAB9279,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137427Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:05.548{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64589-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137426Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:07.031{6EDEAD03-5041-615D-1100-00000000FC01}380NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=99CE2377B3640AFA8CE9A6F5059B3231,SHA256=2BD95BB0BC1908CD05B78F245AA9450326E081EEBE8EDCB627B1A9572AF99F9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120243Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:08.764{49C67628-5043-615D-1200-00000000FD01}1012NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=F4633FACCB0A2433886909A5CC93C66D,SHA256=302EEBF1E87A2E2EEF1195082BC2A10FFFE57B3C9330A86F94D3883A7722D527,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120242Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:05.759{49C67628-5043-615D-1200-00000000FD01}1012C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruetruefe80:0:0:0:3c12:13aa:f5ff:fef0win-host-340546dhcpv6-clienttrueff02:0:0:0:0:0:1:2-547dhcpv6-server 23542300x8000000000000000120241Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:08.202{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B46EBE80C641C243677E46983E6BC806,SHA256=8E43B520B30C956607E54D88B6C73AE1BED8C56F6D560A24D53CECDFD1092836,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137430Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:08.737{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211006072919-070MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120244Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:09.264{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A6B51A022B501E3ED79623C681F9950,SHA256=277D19FC9F1577993E2E21CA39FA976AAE13E7C5C682A85F62A9502E6C126E9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137431Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:09.014{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6AAD4D517EEDA060A32133E51FA924EC,SHA256=F2CADD1A4AC91017C5863DC8BB0684E3832664C7CF8FE876D8628A709A602542,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120246Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:07.633{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50570-false10.0.1.12-8000- 23542300x8000000000000000120245Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:10.290{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36860AD234E9C48D01D54877391B77AF,SHA256=5D84BB3A18AE9D237B022F7A2CFD97193BBFA765289CFB864AB005B896E38F51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137432Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:10.143{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=886D37BC03A1FD15453831A26C9CBE6C,SHA256=8E1AB570BBF9BB62828C43CA8640784F83954885117449A4AB90984B7972926C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120250Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:11.415{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E1F5F61E36890F6B274D5C2C4E20273,SHA256=EE33DD2F4EB4FDCE555FD302BFBD99085FCF76B31B8EEC5B70A23FC99F135C1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137433Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:11.158{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=59E17EFF1A9E295185A2C7FE2039CA3E,SHA256=C3F5A40C7D2F2A279D0877B547A715D399592BF8797BE0243629AD99096BA8C9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120249Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:11.134{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5043-615D-1400-00000000FD01}1080C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120248Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:11.134{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5043-615D-1400-00000000FD01}1080C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120247Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:11.134{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5043-615D-1400-00000000FD01}1080C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000120251Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:12.415{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E94F617F4FE95A84F23F100BB77EF4AE,SHA256=9B8994B175FFF4F04767E9591762120DD04D5F2442E70D5BA3A5C3D19A81E6B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137434Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:12.173{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4DB09AB17BA7E1E1332A07F3EE0F3413,SHA256=896DAB8ABE621ACDBED6D9DF41A700B6DFECCAC7A0D77FA29FF5C38780A4838C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120252Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:13.431{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06905478EEDDD11B3285D165D357D17D,SHA256=6D4DA8A00D80D60B401F43F021A34A29D46C4B8EB319C10EB3F2F83F4A3C4D05,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137436Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:11.487{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64590-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137435Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:13.173{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D99D2AF27734EB86F09225772834945,SHA256=F997004A9C2096D696459D29A4514B964090022FE8CE6CFAE5D431E6EB1585B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120253Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:14.446{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8AD2084056FB76D4EED0B7C7A3360480,SHA256=D58EEE7137F90686DADFDC3DE8916455B85D0743255F24F6DA326CF2637F9DDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137437Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:14.189{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11913CB02827BA38A2247267491857E1,SHA256=117B7D9389CAC2AC012BE98B984A90AC0642C3714713F846A82F189E024C0B39,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120255Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:13.659{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50571-false10.0.1.12-8000- 23542300x8000000000000000120254Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:15.462{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46BBCCE3D448DCFA6D2D1084DB276859,SHA256=46DF49F9D7D8F770AD7AE4BFEDC11A7952987E5796E808B58F8436EDEB636460,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137438Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:15.220{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA1480AFE9C33B4D7B7CD00D9FBF0616,SHA256=4FE3790C52C6743840DB3792F2201189E1866E0F34B2D0549868EA0FC7851C14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120256Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:16.478{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC72C076256079854CCDFBC5750F9B9D,SHA256=4B79936D204831CD73A7EB3340A94013DFBD0E6F0A6E5C35E8BE5F41233050E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137439Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:16.236{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB27AE31A500D433EF6B199B0B05FFEE,SHA256=F0C498CDE1DFF8836E4CC98E91C6FE94FD754B813571892FFE5D0EED1A10EA1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120257Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:17.493{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7955E296C21C911B6C9CF267B843C55D,SHA256=93C38A09EAD2512248AE1B2A103F3427E3B37E73F6D65C8E99B65D163C115314,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137440Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:17.314{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A50A11D922791D4C1D3CD326FF99B04F,SHA256=4331C67A575BCDE3E8FA49B66EC02C899B1EDF82AD81A4B68A3CA90EBE03DC5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120258Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:18.509{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D69258E753CCE425AD6678769F66869,SHA256=E352C43708D885DA0FF4DD2F7B152180C1AB21C959D60975AF087A4592F6D3B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137442Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:18.939{6EDEAD03-504E-615D-3000-00000000FC01}2448NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137441Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:18.314{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B46969738C0D705148F02F267C2D46B8,SHA256=9153633EFD2C05D063126617D7EE94C605FF798E97C02120AE96BD6188AD73D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120259Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:19.524{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA9C92EB6FDAC5F6D844E050161E2498,SHA256=C7944B8C4EA508E0E5805C5B226519C2ACDA3FDCF553D149A324D9B3453DFCF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137443Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:19.377{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=943AA3E4118626592215A0CB8428ACC8,SHA256=181804673E20DD69664A9F63DA9533CA56F76985F97E6179D039722A242628EF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120287Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6130-615D-8F02-00000000FD01}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120286Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120285Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120284Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120283Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120282Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120281Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120280Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120279Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120278Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120277Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-6130-615D-8F02-00000000FD01}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120276Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6130-615D-8F02-00000000FD01}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120275Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.666{49C67628-6130-615D-8F02-00000000FD01}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120274Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.540{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D78E9E38CC16BE4826B22877E52F7A6,SHA256=F104C3A54CE036D7CA410D568EF55B2DCCA5ADAAC1B32488ECF948C9D8430D85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137445Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:20.392{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC3790D5F11CE85E4677E00A667ADA7F,SHA256=A21A7CF1F43A3D82190101112A415AF4B4080C8883A5D52A0E4E75A83837363D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120273Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.181{49C67628-6130-615D-8E02-00000000FD01}30842864C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120272Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6130-615D-8E02-00000000FD01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120271Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120270Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120269Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120268Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120267Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120266Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120265Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120264Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120263Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120262Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6130-615D-8E02-00000000FD01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120261Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6130-615D-8E02-00000000FD01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120260Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.041{49C67628-6130-615D-8E02-00000000FD01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000137444Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:17.424{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64591-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120291Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:21.556{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94C74725875D87749A4D343651A17723,SHA256=2913B76ADE893519D52777CCFCFA248F0C7C1BBF3FCC745057A3EFA974D88317,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137447Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:21.408{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57867EB65316A461C514E8061B9DFA7D,SHA256=B2BCE38145C1750F3F7707F89F195B9573E6C2CCFF7136204645320898A6F7B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120290Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:21.040{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B32048961DD7F4677148D933BA77D436,SHA256=31A475FF2309DFACF118518589CB00A150C53EE9601AE2177FCCC6B3145E7FF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120289Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:21.040{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D5B9FA1E6BB63A9ADE117E8438D2CA0E,SHA256=207F529DB9FA2FDD3DE952143F5A3C517FEC430CA25FCD52A7D1CC9F398D45E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120288Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:18.706{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50572-false10.0.1.12-8000- 354300x8000000000000000137446Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:18.252{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64592-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000137451Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:22.439{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E15488114D43F6A438D5FE47509B4DE5,SHA256=94D1E2DA3E83B2544C2419CC729704C1EFBE0B60A39D7BFC6327A55DD270B51F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137450Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:22.439{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1500-00000000FC01}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137449Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:22.439{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1500-00000000FC01}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137448Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:22.439{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1500-00000000FC01}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000120305Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.571{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FED91F81245B7AD96E57B730E0AF7F82,SHA256=CD40FDE530CFC202B7F3760D958DBDD0869B5835570A65E0643564225B0D13B5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120304Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6132-615D-9002-00000000FD01}3028C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120303Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120302Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120301Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120300Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120299Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120298Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120297Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120296Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120295Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120294Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-6132-615D-9002-00000000FD01}3028C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120293Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6132-615D-9002-00000000FD01}3028C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120292Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.291{49C67628-6132-615D-9002-00000000FD01}3028C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120321Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.587{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F06379A6B366D773D4D36AA92FEC5D6,SHA256=5F1A77BE378DA4FBD1159F88A59DAAF9A410311608B7E28C7F856F7504BB2015,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137452Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:23.455{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DAECFC8F8641AB665659E9AEBF6B618,SHA256=AF3E65C3842B6C80A1C62E5B27F031A70E220465A1F003D87AF6D849734915FF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120320Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.540{49C67628-6133-615D-9102-00000000FD01}38002784C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120319Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6133-615D-9102-00000000FD01}3800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120318Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120317Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120316Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120315Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120314Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120313Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120312Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120311Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120310Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120309Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6133-615D-9102-00000000FD01}3800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120308Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6133-615D-9102-00000000FD01}3800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120307Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.400{49C67628-6133-615D-9102-00000000FD01}3800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120306Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.384{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B32048961DD7F4677148D933BA77D436,SHA256=31A475FF2309DFACF118518589CB00A150C53EE9601AE2177FCCC6B3145E7FF3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120351Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.993{49C67628-6134-615D-9302-00000000FD01}3761304C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120350Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6134-615D-9302-00000000FD01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120349Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120348Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120347Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120346Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120345Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120344Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120343Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120342Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120341Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120340Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-6134-615D-9302-00000000FD01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120339Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6134-615D-9302-00000000FD01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120338Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.838{49C67628-6134-615D-9302-00000000FD01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120337Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.587{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B18822753F86591DAED760569062D990,SHA256=DB751E34469E61697163DFDAD80D7F34F95D95401D4FB4B9DCA934E411D14EC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137453Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:24.502{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=599D9510207542D0DEB8336242B373A4,SHA256=961F627CB29CD715F3DAF3F29E54FF31586D131A5B8F4DADB18EFC05F8A87BB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120336Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.446{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2C7C14E4DDD9FC930771A920C4EE1D32,SHA256=3BE02F79C925FEC6C4A6F6B4BD556082D5864D0C428E1728947C19AE683F230F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120335Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.446{49C67628-6134-615D-9202-00000000FD01}28042396C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120334Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6134-615D-9202-00000000FD01}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120333Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120332Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120331Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120330Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120329Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120328Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120327Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120326Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120325Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120324Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6134-615D-9202-00000000FD01}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120323Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6134-615D-9202-00000000FD01}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120322Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.306{49C67628-6134-615D-9202-00000000FD01}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120353Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:25.915{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1A92682FDA57D7BE5F24255CA329814D,SHA256=45BE05EF8F594A243EA9941619D13CF8170E83702772CAA18BBB19F191755E49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120352Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:25.602{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=570CA3A4B91333024FE761F8F3D726B0,SHA256=94F20F0A4346F9FC70A18E190266E3CBA39039A8070E49E1273B87E6403517F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137455Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:25.564{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60771A10F8E43DE3BE618FB00A883D6A,SHA256=142F75A9E736FA80888E1EAC192FF5B69CCC98A781077566E28FC79BCCD04334,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137454Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:23.424{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64593-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137456Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:26.627{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D3E1C2246DB0524423AD2D13E428536,SHA256=DD42698D64E64BBC77E4D742731337A6DD672ED4D7B6368DAF4DCE5B70B531E9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120368Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6136-615D-9402-00000000FD01}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120367Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120366Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120365Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120364Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120363Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120362Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120361Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120360Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120359Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120358Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6136-615D-9402-00000000FD01}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120357Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6136-615D-9402-00000000FD01}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120356Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.994{49C67628-6136-615D-9402-00000000FD01}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120355Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.618{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EB90844E1DC7D21BE2072FF0868318A,SHA256=F590F8AB3F48977EED6B70A20821A4AE302DB18D47D3612200C84B38175E6520,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120354Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.721{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50573-false10.0.1.12-8000- 23542300x8000000000000000137457Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:27.658{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5EA62544EFB737F7CAE517672D05D720,SHA256=63E797483FAD2DA6903C3FAAD5D9FD2D36D47BD342891007E48FAEC86085D784,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120369Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:27.633{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2E8AAF01007B20A982C4CDB207782BA,SHA256=0346FAB67010349D704708D6299E03A82862351D87B31AE167A63DD899738502,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120371Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:28.649{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0033196AA5049E7E5863B303C58C1D4E,SHA256=0BF60D5DED2B81F82F4DF37A5A31202AA4507CE53D2C31EA1D70FF28BFD78BDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137458Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:28.673{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9B5E2157DC704BC7B4D281D9207970A,SHA256=FA57B4DFB8AC4516CA25A24DE3730C380123997239C4357BA4B0F34CD0CEF956,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120370Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:28.040{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C0D4797758E8BA5806AB87B8A33CB314,SHA256=189E9FDD016E13419DAEE48DC21CB1C05BE1B90C959D47688C3365ECB7E7AC99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120372Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:29.665{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8154DD806EF7908BCD9EBBAAB60D8D59,SHA256=FDEED02CFB13E2BB3AF135BAAAFB185FE5D2407CECF825D544E323344AF4F7F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137459Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:29.689{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=260B202C29C7516861313779FE01FF91,SHA256=5ADBF474C90B692DAFC7A002C04BAB224524062673D1DED4FF0F71D81C7DD53A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120373Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:30.674{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F7C6450E7C6D11F67935841E77B59CF,SHA256=B53CF29F10407FC09B6AE081E07575BBEA2E91E31950FABA34F0DDF68C40F590,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137461Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:30.699{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A44D8B95C1C72DF4027DBF47CD732C0F,SHA256=8064DF22A950A23C7B81101280E33D28CAFFD94D8E19FAC26C54C6FCAEFB0349,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137460Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:28.440{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64594-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120374Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:31.690{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB3D8EF83AB25E7C49F6404D67B8196D,SHA256=6E40FCD28CA2CC7B32AD6ADD90B7A90A9C6279704CFE9AF3F5A84FAD9C7F8D47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137470Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:31.730{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B601E5E7AB36E2164846720C643E4C1,SHA256=0BD8CCCE07026EAC232A77FE77B9115F5CDF24342971093343E181C1ABB9C374,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137469Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:31.261{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-613B-615D-C602-00000000FC01}5360C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137468Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:31.261{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137467Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:31.261{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137466Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:31.261{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137465Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:31.261{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137464Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:31.261{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-613B-615D-C602-00000000FC01}5360C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137463Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:31.261{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-613B-615D-C602-00000000FC01}5360C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137462Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:31.262{6EDEAD03-613B-615D-C602-00000000FC01}5360C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120375Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:32.706{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5986E49FCF64A68AC2EBF4913878722,SHA256=FA4B62196B0BB0C8C855A2DA7AC417D04F764C7DB054BB21B297B8A3BBE597DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137482Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.746{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16E04335F6281C72823F026943B0C867,SHA256=596002AE193B3E51A31E9F0FC9C6CFA3BC08547823ED050816554C47A5150600,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137481Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.293{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3A59379C0E505D9F923F9880EDF760A5,SHA256=FF25B6D09285DAC7274A25B2B3AEDA04A2BDACBF1B0C5404FE4872DB13CEFB40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137480Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.293{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A1A5F7995E6283AEF4B4D4CF51F2D451,SHA256=2346347B0B8AA7D441C37E9DD09F3E029499EA1A4A5671F3001743416B73E35D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137479Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.199{6EDEAD03-613C-615D-C702-00000000FC01}54365316C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137478Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.043{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-613C-615D-C702-00000000FC01}5436C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137477Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.043{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137476Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.043{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137475Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.043{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137474Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.043{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137473Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.043{6EDEAD03-503F-615D-0500-00000000FC01}408524C:\Windows\system32\csrss.exe{6EDEAD03-613C-615D-C702-00000000FC01}5436C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137472Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.043{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-613C-615D-C702-00000000FC01}5436C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137471Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.044{6EDEAD03-613C-615D-C702-00000000FC01}5436C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137491Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.840{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D6EAF895DC6940A341F448C58843DF5,SHA256=5B9007F5CE0C12F060769BFA46DD250AA279D05B20B65B863E509CEBB9ABBE0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120377Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:33.721{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB9207F18EF6A47348434209D0E42A3B,SHA256=DB2BD94047EBF9FE4273B0E0C261507A7A000DFD57D972529D7DB30442B6A477,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120376Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:29.627{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50574-false10.0.1.12-8000- 10341000x8000000000000000137490Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.277{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-613D-615D-C802-00000000FC01}5364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137489Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.277{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137488Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.277{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137487Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.277{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137486Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.277{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-613D-615D-C802-00000000FC01}5364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137485Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.277{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137484Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.277{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-613D-615D-C802-00000000FC01}5364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137483Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.278{6EDEAD03-613D-615D-C802-00000000FC01}5364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120378Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:34.737{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A312E94C257C0EA843DDE5621B993EA9,SHA256=1E30542ABD32BA2142BA8043E0921A1CFDBCA466063B6794EBA8C336F4D23EBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137504Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.886{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E6C563E89678570EC2B14AF9DF29B23,SHA256=18C78DF3F658127E22A465048EE581E6953DC5C36AF5712B251F8BD48DEED74F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137503Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.778{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64595-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000137502Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.778{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64595-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 10341000x8000000000000000137501Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.699{6EDEAD03-613E-615D-C902-00000000FC01}52164640C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000137500Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.511{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3A59379C0E505D9F923F9880EDF760A5,SHA256=FF25B6D09285DAC7274A25B2B3AEDA04A2BDACBF1B0C5404FE4872DB13CEFB40,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137499Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.511{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-613E-615D-C902-00000000FC01}5216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137498Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.511{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137497Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.511{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137496Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.511{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137495Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.511{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137494Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.511{6EDEAD03-503F-615D-0500-00000000FC01}408524C:\Windows\system32\csrss.exe{6EDEAD03-613E-615D-C902-00000000FC01}5216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137493Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.511{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-613E-615D-C902-00000000FC01}5216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137492Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.512{6EDEAD03-613E-615D-C902-00000000FC01}5216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137525Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.918{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C7D7DD485E5A44554B1A04CFAB97A9C,SHA256=F41F2B2ABEBAB6717639F3D54A746C2EDA3667E21AF8CD7BC627248DABBF9FE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120379Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:35.752{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5FD7B8F32A7879FC38340244F53025EE,SHA256=A219C5A7A1A5735E532E7EBF3968E49DFF75A730396EE8A97F0C29CB521F8252,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137524Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.808{6EDEAD03-613F-615D-CB02-00000000FC01}4002768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000137523Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.512{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64596-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000137522Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.652{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-613F-615D-CB02-00000000FC01}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137521Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.652{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137520Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.652{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137519Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.652{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137518Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.652{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137517Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.652{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-613F-615D-CB02-00000000FC01}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137516Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.652{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-613F-615D-CB02-00000000FC01}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137515Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.653{6EDEAD03-613F-615D-CB02-00000000FC01}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137514Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.590{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7663551BB3BAABA6E61FF687F914A409,SHA256=9159908AB4ECE838532E1B008E9BDE7ED2531EB236C69074A21D8149F971A3F5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137513Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.402{6EDEAD03-613F-615D-CA02-00000000FC01}26805940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137512Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.152{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-613F-615D-CA02-00000000FC01}2680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137511Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.152{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137510Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.152{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137509Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.152{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137508Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.152{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137507Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.152{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-613F-615D-CA02-00000000FC01}2680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137506Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.152{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-613F-615D-CA02-00000000FC01}2680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137505Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.154{6EDEAD03-613F-615D-CA02-00000000FC01}2680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137527Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:36.933{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D6554251F21C30F1674DDCACA4D586F,SHA256=D82C72E9C8C28B4444BE0C41B37A9461993533619369EBCE4A75D9ECF603F0DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120380Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:36.752{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0B378182DB2F7CBC3339530B35A3C70,SHA256=203E581F81C993BAEA60AC2718DF0942AB764BB26A413818D82770B1C42D87F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137526Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:36.886{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FAFAB5C75552529D13BD4BF5CE44591C,SHA256=007B05029871C29048BF423A8ED926D0A3B196883E634927C9090B23B2B2A197,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120382Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:37.768{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B319A0AA1C13ED7F01534C657954098,SHA256=C37DE72BFD4BCF4EA7B154424F0477CC580B7B57BDFC06E0D7408E24465EE0BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137536Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:37.965{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3464E305B7B3D54C348E874504AB5D16,SHA256=9F1159F3CB613139E7192CCE15AF255571CF5CE6EFCD6E05B978F520CD0D59D9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137535Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:37.777{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6141-615D-CC02-00000000FC01}5540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137534Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:37.777{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137533Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:37.777{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137532Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:37.777{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137531Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:37.777{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137530Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:37.777{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-6141-615D-CC02-00000000FC01}5540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137529Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:37.777{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6141-615D-CC02-00000000FC01}5540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137528Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:37.778{6EDEAD03-6141-615D-CC02-00000000FC01}5540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000120381Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:34.668{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50575-false10.0.1.12-8000- 23542300x8000000000000000120383Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:38.784{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2173D2E8067693FB67DC494F623D2DCA,SHA256=AAD9630D6DF39CE0909C491C3BB241A8CE9E29C4956FC0F87F136880256B32B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137537Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:38.793{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C9C836AA6921238B0EDC742678439F7F,SHA256=260B28DF78B910F76D74E031EACA50C7648BEBB6600EEAACFE6664B3221FDE10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120384Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:39.799{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1600E8D844DBF20F08F6451C7573DF6F,SHA256=04ECCE154FB5D5B7F8248594D8F8A0B62F16673AA87AB98E59441F527D8DB399,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137538Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:39.027{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75A0FEC5CE7F714802ABC35F2A841C94,SHA256=78768653A9DF75BD4D689D54B16B42CEBA28E90F9924B406AC503C2EFEE1895A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120385Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:40.815{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F359A02047FBDFD0157FC731AFEEDC8,SHA256=FEFC81A9BC6411A18580EDFE762328702C4B6E8C5B5C9EB146913B745F61A3C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137539Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:40.074{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ECDE7649F1A080C0045EB7D275D01D0A,SHA256=D18483E7512C8088E65F0A07618210F6BB08383836444060E8DCD7FE18AA6A06,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120387Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:39.699{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50576-false10.0.1.12-8000- 23542300x8000000000000000120386Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:41.830{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C48254042A546123A2282DE24525B0AA,SHA256=7F8F45CF2261825C0ECDAD1102084F3DB6D90E4747B986D4930AC158D6BE6CB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137540Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:41.137{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76A4E0EB24BC39B6B08BD6F3C64B60F7,SHA256=4DA617BD775CFD42FB1BEDF3DD84CBC0E036EE4CF7E3B705649CCB118AC61366,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120388Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:42.846{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B64C1617E09ED77287B894A4B2FDAFE8,SHA256=064CAE43696D6A877ABB49329F7A2D62AB33E3A2A4924DBB8D6DD68039225FB2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137542Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:39.434{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64597-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137541Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:42.152{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFF8388F245173EB8AA5145820CD0B33,SHA256=4C7BAD0730893613118C317BDFC596AAD601CCE6A88FAD6D206EC094E452429D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120389Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:43.861{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BBE9FFE78C984A5AAD1E0D5BD20693D,SHA256=D7C78FD9D7A9CCFB1F871D3C03890C4ECFB4791DC6004A3E540933276AF0A4BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137543Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:43.183{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02973DC99AAFF478A2A07487C1A7DBA6,SHA256=1F00B74C70FF0876B9B0602B8C3848441F23C16CC4C698DB1F02D3BED1C5F162,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120391Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:44.877{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91F0D1404EC4D9309E37BF20F8747208,SHA256=6F105A13EB85F4424C1C3133962AA1F1BA6DF99107BD7F6EB8EE5C1BAA7CED40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137544Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:44.199{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BAC1D04035009750B91F9DCEB44FFDF4,SHA256=646C2E5C506C881DD18CD37F8AB818E410F084DC55ED869EA2384D4279656E11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120390Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:44.315{49C67628-5044-615D-2200-00000000FD01}1580NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120392Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:45.893{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A72A131A6C3A5649172BB7DE54F4C55,SHA256=CC4C98D3F4F5A907E787FD535192712E416239FA72C2F387CFCEA48A9F9E3C84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137545Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:45.215{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6A1726C5E51A6F164BC4DA7FE596B9C,SHA256=67FF545C938548731B7BF05B1830D765A18C7AB006454330C6FE8FA4EA73C1B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120394Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:46.908{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8D11CDA906B85621631BBD53AC7D85A,SHA256=EE6778229F7FC718C76CF6B47BD967D00F81DB7FC26FCECC692DFE37895C27E0,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137547Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:44.481{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64598-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137546Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:46.261{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25BE3CD13AF5CF477E12784D88DF43C2,SHA256=C5A3A6E49BCB7F72B120350DF867C48B3ECEC9EE526A918563651F77ED546640,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120393Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:43.824{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50577-false10.0.1.12-8089- 23542300x8000000000000000120395Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:47.924{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D80AB014C1E4AF069DFCA9B845E44E05,SHA256=A6E88580116FEF81B011485C714D1794F57F80D280DA2938C6CC6F017DA3C728,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137548Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:47.277{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F1920EEDDCFD045765712C78EC0DFA8,SHA256=889BC636CB48735AA29717C2D3E5B6F88FFC9DECC2569DE75CB861209564CC91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120397Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:48.939{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=562C9B30F621D58B80B6522A7D70B55C,SHA256=57AB795B0300ACA97DD037C048AD69CB84094CADDA5EB97DF91B576966C8D286,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137549Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:48.340{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53E7B294E536E56E0B9F4FC8A7F67CDA,SHA256=1123167EE7BB3173A5B16D4CC9F7BB2C6F4F08D6D5EBE98B34865E3F7A2F2F62,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120396Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:45.590{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50578-false10.0.1.12-8000- 23542300x8000000000000000120398Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:49.939{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=535D761EDCDD3B57525318F688B96AC0,SHA256=48517E31A6AF00E556A3EE8E302B9F5BC640EBBFE9FDEEB344C7D8ABD274EC4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137550Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:49.355{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E970CA8A40AA6E4A57384C945014E41D,SHA256=3931629AED13C0107A6031E6A50A971495D58227438C9B62AFCD411B628C715B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120399Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:50.945{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94B69864E744E6A6DE7100101C4F0EB7,SHA256=01C76ED7170529CBE4EFE558678A97C1D2AFBB82C27695BF65E75B18310AB932,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137551Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:50.376{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD41C1B68C87057673E9A2DDBAD9F1C4,SHA256=EEDC703BF289E6501F4D980DDB5545D2261CA370A03DA8EB02C1EBA61886EF23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120400Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:51.960{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A92A2DD4D808EFE88FB627E0F731BD5F,SHA256=7F705FCA4AA71C3A4749187A3DE40673E32F3E82CCDC9BAA9C63C17CF2ACF773,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137552Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:51.376{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A5F5CF12FE0B9EF0796C8E4AFEC0FAC,SHA256=F56F23245C4B4A3CBE5AD77231656419BE69F63B38056CAC0CEB5999FB31248D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120401Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:52.976{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBD8F214641CE285B424D8952CA2D18D,SHA256=28E1310A607D3E32F0EB5118326F256E88FA11E974A5FB29BC9FB156454A0618,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137553Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:52.391{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C76EE21032FDA648ACAE626D0AD94DD5,SHA256=50E2122F8B1FA63DEA111A533C042384A37304BCDCD766CB3762D8903EF46DE1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137555Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:50.376{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64599-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137554Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:53.485{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66DDB9173B439E21F5564EE4496A3993,SHA256=5020BBBFE1370A22B4D3C27F335182782BA79D603B835D507C033D8D1C8BE7D1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120402Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:50.595{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50579-false10.0.1.12-8000- 23542300x8000000000000000137556Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:54.516{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B3E0C7DC38B4EE0852D262F88CDDCB6,SHA256=A0AFDC71298B926F7AAACE26FBB32D2C5B582D5CE50BB4088ED40F5C0950370F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120403Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:54.007{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4150EEA680CEF25DA94CE2B13FC15687,SHA256=8C48E67CB514BC9DCC768BB9012528C99AF849C19AEF892D90A9296C8FD967F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137557Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:55.548{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9C566BA914CEA2075AA65BD653A52B3,SHA256=86FD6BC44D2163666441274C975B38C56E51BBA36BDD2653A3917253D901AA63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120404Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:55.038{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2DED5EDD4A3EFA67E6ED059960BFEDB,SHA256=7F81F47A882AC27BE34C94C7CDE3F4B3D24DF187F4FAC99895ACAF5CE9B3EDB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137558Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:56.563{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B58676F8AA7A849B65EAC25A47FB8DCF,SHA256=1F947EB5FD635E5FDE93D18FDFEAA0FA2B3E2EFEDB5BAED21AEC70543411911E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120405Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:56.070{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3ECDD46BCD97B4D9F3242E360666F125,SHA256=CB6A610CFF3B43CF73C00DD3FECC05239C6CB7BC00DF95084D78AC48FCFEC634,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120407Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:55.657{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50580-false10.0.1.12-8000- 23542300x8000000000000000120406Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:57.304{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A45A67998F1415646C0191894F2908A,SHA256=641086AD6147B72E6898D18ED17FFCC6455755E50B9B98D5F678525E5A3BFD7D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137559Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:57.579{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFE97E015E5C37A197283453D07065A7,SHA256=D7B5B43C9FE66DC38A52206C7192C9A6F26926A3C79A6F3F21FCADEA6FB2F2D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120409Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:58.526{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211006072910-070MD5=266A8C17E3E1B8A0B29A8C5E77CA200E,SHA256=01EFC44F32696762DC9319663F7889EF6AAFD7A8B30AE6A823FD17BD5EE43D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120408Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:58.336{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DDE8CEE72161E36FD92855B91BFEC21,SHA256=CED58BA815EEFEDB49B1B3B33CE12BCD899ABA57F4B9049C37A86E9C6A5A1DA6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137561Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:55.408{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64600-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137560Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:58.594{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51CC510F1BF9CC577BD361420D0A6DC6,SHA256=BA11F733CE921804A9FF41002577354308FC13D36E05D327CAAD63DFDEBB5E3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120411Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:59.530{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26C7720CB40C9710A9E811A92B3E6443,SHA256=7B808AC51573830DAE8470B921D1C458C1CD5BB11F823782DC55FCCEEF388B44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137562Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:59.626{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A220E6BD5B8751E0B977CF39DB6540FF,SHA256=2F52EADAC43E869B0CC66E5C42BE0AF5B4C60209A2ACE39CD8C04470B0F30092,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120410Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:59.526{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211006072908-071MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120412Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:00.759{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96EFCEB7567FE6F529389AE2EAF326B1,SHA256=56FBC933194B0DFF5BE58CD7B8BBEA87AD2EE8052BB4C923A607CE70EF48B5B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137563Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:00.641{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=603A1178673C545EEB72722BBC093AB8,SHA256=2211F1DB029908DA7FB173EF0EFDE70042DA18D2873D305ECB42BB577B631B3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120413Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:01.775{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F5ABE034EF0497DBCB6AC91FB6A4647,SHA256=48B044C9E1A717D4DAB26296E0A72E086DA6A6C1A13535C60EBABF37FB009ADD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137564Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:01.719{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=543789BE950D5C7EF394D7C3B7F62523,SHA256=567D3754C6FC866466A2AC9C10FA6844D007A6475064CF4259EAC2CFCF64AEB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120414Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:02.806{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A69BE24DC56D16435301EE87BCB9AF64,SHA256=BD558684B0101D5FD40EFBCB79AB97E5112FD8253EAA30BC255BC5855661F584,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137565Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:02.766{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A83324FDF5FAF58C31A4B73DF6D4828,SHA256=6D67D61EB7EFC6A330936996D030DA3C25B85D4979B5E2D913EAC8425005136B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120416Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:00.784{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50581-false10.0.1.12-8000- 23542300x8000000000000000120415Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:03.853{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9CD8E97536BA12DD563C424FAC51817,SHA256=BFCBD73E77C57553220A05A89000A3DE150374BF62F3C6D76F6F647C00E871F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137566Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:03.798{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A3431949DE3844AA55045544CF3CC47,SHA256=66ABD8A71FC73669967AC42DF92846763D9C3454FCE6BCF10A55DE6ADCE5C712,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120417Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:04.868{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83CF57A809099C8799542206269640D2,SHA256=9FE9E188AA40DF04BF3E79E3CA6BB1FB3894F146CD7E716AB1703D81817C5D3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137568Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:04.844{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B76399EB838EF42771F38FD170ACAF69,SHA256=3CE674840820B030118C0D4CAB049453F801E5E15741553838172BE21EA78F33,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137567Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:01.362{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64601-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120418Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:05.884{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91D9D2AB349052B035DC27282D3711EA,SHA256=A541B106F600FDAE3CE6B655C03C2BADBD27A91969B30EA79BF4E1030487F597,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137569Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:05.860{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EE6779D04008F69B4CC78BB781F8414,SHA256=189893FBA537D78031BD7BF4F16DE68158E6B7FF74B641A94EADC7FD8CACEC06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120419Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:06.915{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=797A7888C17362F2EF116DA866FDF682,SHA256=9C17F222503E47237B3D07202117DADEE80280B5CEE411034D5F1A1EECA65C39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137570Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:06.876{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=242BE45EA2C7BA549BB8904AD6B3DCE7,SHA256=17A896546E27952DADC87F911E3433A640C9DC0A305C4CB3B855BDD65102A79E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120420Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:07.978{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A91CBF44987D9CF491FBC2BF12A5B9CF,SHA256=FCBE8191C17D3CA7607F778425D411EEE437768EEB260513BC38244CDD946CDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137572Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:07.891{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1EF3C1A9496129641B500223C8225D1,SHA256=15F61569D1D28736F29244A19DE76A772321E6CCDB29909BAA43897260C06705,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137571Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:07.032{6EDEAD03-5041-615D-1100-00000000FC01}380NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=3AA8B6EF07892212B487617C1CDA0D2F,SHA256=F09E6AC0A967F6B9B5EB4E69F86AE66E90DFEA18E694A6495C611A4ABA714DFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120423Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:08.993{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4595055F61CFC91D4445784EB171588A,SHA256=570819602AE24B2E8B33260AAE88FC5DB0E95DCAF041DBD7CFD3D19CE10B6E58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137573Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:08.893{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADF75EA9880CEB57BC05F9DDA025B545,SHA256=7202683B0119342FFA1C188E0F45BE8AB5DA5F6C87D4EE11E5A3D60191C4D081,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120422Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:08.775{49C67628-5043-615D-1200-00000000FD01}1012NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=408B7541B3F4031C411E0F7293DE4C46,SHA256=517E9DFEF24E4C1AEE3E647437E39FC845B25C9B8738DED7354BFB7A7AE771DC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120421Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:06.581{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50582-false10.0.1.12-8000- 23542300x8000000000000000137576Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:09.939{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0BD96623196EDB419C55FAC5B78C559,SHA256=E0D165A734021376BDD661FA594C367FF6AFAF465FE44DEAD008F0EBC9B9F4A7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137575Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:06.376{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64602-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137574Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:09.254{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211006072921-070MD5=58D52BFFD80488B8005F7C319C2D4334,SHA256=B9D8441D1BC2ED8425146F5F211E2A21C477807F4E0B7EBAD9811C868FAB9279,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120424Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:10.024{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA60F193A529745F46119083CE99CDFD,SHA256=0E5AE46E554D692A8ED8F6BCF83F6B2F7D9C4F4B8F8CB503345A2122F2155FD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137577Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:10.268{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211006072919-071MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120425Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:11.163{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA85E3177D7CDA4C6C5249546DD51BCE,SHA256=88844C456DF32975D475709D069D88C926602307AD0572A82DA4B80E84C9B13F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137578Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:11.034{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=106F40238E7D235EB98CC12CD7AAA949,SHA256=226D5A6179ACD79893F63BBBEDE9F533AF21D09D81589EC723F4BD3209283271,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120426Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:12.178{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD39C45C1F16CAC939157A0FC0FEFA54,SHA256=5588A8E293BFBE779557BA09BE7B70DF665E3454E633300D5176CB915C50E12D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137579Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:12.050{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9DF4D1E868CD7C89C01D8F3B2356B2C,SHA256=84D419180DBBDC50C2D0949A586D01F8D1349B592534A00A7794885A02C4ABB6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137581Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:11.457{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64603-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137580Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:13.097{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BFF4993136193FE4FC9DBDED11F481A,SHA256=AF0B3D80F86DACFB827686EA568D98FEA1C97151F865DBAB7512C6C22500C6E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120427Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:13.194{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5EC78B02D323840378207AD9292DBF1D,SHA256=1ADEC7791BB0E03FB1D2BCCB7F7E7C84B624930D05858D19BCEB0EF25E51729C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120429Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:12.625{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50583-false10.0.1.12-8000- 23542300x8000000000000000120428Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:14.209{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E74E6135F8A2B81FEF6A08D203F075D,SHA256=BA84F2DD287794AE6EAB2CBCCE503518E870E19D439C1C0DCC6B1120BE609E27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137582Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:14.191{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32F067810BBD4E636E528E1D71FFB7D0,SHA256=2F9CB99F68F23F63E58A2E09FC5D964D518EDA8FD00A167AF6BC4556E23E233D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120430Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:15.225{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CCBC86CD052701EE5D50C2679572383,SHA256=96854809BE709D51B78234051414506757AEFAFB68F48F705600400B1DDEFD35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137583Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:15.191{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9FF29A46A3FB0F3FE57F7FAEB8920A7E,SHA256=0FBD050C1ABE98EB07BB9B7C0F86A426523A358954F9B62A27875DAFE9B25F77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120431Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:16.241{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=650B6BB002B5EFAE326F9C0A61DB1705,SHA256=64CE49D148586E55A5A26BDB49D86CC8539E89457A721A13FC51A0BDE0069644,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137584Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:16.206{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E257A4A9198342D1D384CA4F97AA81B,SHA256=96065242414FBBBAA1B17DD9BD0C8A910D7CA443399FE8CEEA8E74E613C602A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137585Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:17.222{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C38DE3E8A0AB48648417E0FF94D99C1,SHA256=18133B46026E2211F721A0D78727592E6170236D63E9736EF5F0CB83B75346CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120432Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:17.241{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39A6F50DF3456FE57107D2698370D800,SHA256=D68E5D56AB0FBDFB9C6365EA5101994FF9BF41530B237E0B7333D01544D7FAF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120433Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:18.256{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B41607F621C26C60E79D6D464B9F2E6,SHA256=507D881EE661E9340D03A74FF9C612D00F0979ADE968CB3BD9CEE56AB02CB7C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137623Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.956{6EDEAD03-504E-615D-3000-00000000FC01}2448NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137622Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137621Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137620Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137619Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137618Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137617Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137616Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137615Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137614Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137613Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137612Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137611Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137610Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137609Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137608Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137607Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137606Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137605Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137604Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137603Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137602Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137601Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137600Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137599Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137598Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137597Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137596Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137595Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137594Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137593Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137592Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137591Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137590Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137589Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137588Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137587Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000137586Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.269{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A39C434EF4BFF02B5B44B2297306B51A,SHA256=72987B33C1C3FABB072C488B2656C59437B334A35D32343435E660FF0C1D0449,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137625Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:16.488{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64604-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137624Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:19.362{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BD97DFE4A7ABB54158341162B4D927B,SHA256=AE9F2E5A957ECEA991397FE928FA2085370EE46B66C1AB815342C9F457650A28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120434Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:19.272{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61BD80AD4BF1D157AECCD5DB1E9A516A,SHA256=F2FC93BCA0AF17417608DB6D0252FE20BD5CE753BEA896561F968C9B117F8DE1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120463Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-616C-615D-9602-00000000FD01}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120462Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120461Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120460Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120459Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120458Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120457Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120456Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120455Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120454Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120453Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-616C-615D-9602-00000000FD01}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120452Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-616C-615D-9602-00000000FD01}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120451Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.570{49C67628-616C-615D-9602-00000000FD01}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000120450Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:17.750{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50584-false10.0.1.12-8000- 23542300x8000000000000000120449Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.350{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C03323439956A4C269C5F17CC5E1365F,SHA256=56E60623A0697794E75097BC8F7D2755BE47EB771A4FDD895623804BA0F4456D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137627Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.269{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64605-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000137626Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:20.378{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D120482D1B69E576889C51E968853B1,SHA256=D9CB0F974FAB7F3E291313DBFBB6D15C632A1906807161C483A5B6663DFBF27C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120448Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.209{49C67628-616C-615D-9502-00000000FD01}2556920C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120447Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-616C-615D-9502-00000000FD01}2556C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120446Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120445Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120444Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120443Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120442Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120441Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120440Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120439Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120438Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120437Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-616C-615D-9502-00000000FD01}2556C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120436Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-616C-615D-9502-00000000FD01}2556C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120435Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.054{49C67628-616C-615D-9502-00000000FD01}2556C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120466Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:21.553{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0EE36703C65E99A3DB229DD51DFC2DF5,SHA256=E13BDD5C7DF775512181B4856EB3369C768A8843660FCF61B7271FDE20BF80A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137628Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:21.394{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E36BC4FFB225A3AF6DADA4002A3CEE27,SHA256=B9D2734332FE97A6BF2EB7EEA2C6748D505BECA78CDC8A2CB5376FC506F19F22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120465Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:21.209{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F621ACCDF6AEA49DBD2A206A39400C3F,SHA256=32EDA042C3BCE61FDB9814AD9EF09928606A6B2046DED063ECC27FC312CACE44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120464Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:21.209{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=350BEC7F11A8E6E2369A671D5C4DCCE1,SHA256=22B0448C4B189BF46E26F349FE28A480A75469C4BC07F5F478389C33D0E005F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137629Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:22.566{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=127132DAAA5B3F908F155C70DC4AA70B,SHA256=4A3DA702F40E5F460CBFB58D48F91B7989F6591AC39B7129F06A007910F4CBA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120480Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.568{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFBD51BE0FFBD5BFEBE0BB9D688DB47C,SHA256=F8BCF008E49CF7B03A573114A14D26300E1995D4AABE8D15545EC1F7A0CA8B14,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120479Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-616E-615D-9702-00000000FD01}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120478Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120477Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120476Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120475Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120474Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120473Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120472Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120471Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120470Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120469Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-616E-615D-9702-00000000FD01}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120468Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-616E-615D-9702-00000000FD01}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120467Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.288{49C67628-616E-615D-9702-00000000FD01}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000137631Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:21.535{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64606-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137630Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:23.566{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=980F9965F1EE7664A551CA76D1881A62,SHA256=4BA922959A53FFA920CC56E13EE32B80CEE097614D04A9071C2A080C8ECFC332,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120496Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.631{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8524D3F99145B9EB936A4A1A3E27348,SHA256=FEA4CF7EF10ACE018CFCD4344E4470A9C974EFF70E002470E501B0BC40EFC23F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120495Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.537{49C67628-616F-615D-9802-00000000FD01}2972992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120494Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-616F-615D-9802-00000000FD01}2972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120493Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120492Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120491Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120490Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120489Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120488Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120487Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120486Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120485Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120484Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-616F-615D-9802-00000000FD01}2972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120483Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-616F-615D-9802-00000000FD01}2972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120482Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.413{49C67628-616F-615D-9802-00000000FD01}2972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120481Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.334{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F621ACCDF6AEA49DBD2A206A39400C3F,SHA256=32EDA042C3BCE61FDB9814AD9EF09928606A6B2046DED063ECC27FC312CACE44,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120525Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6170-615D-9A02-00000000FD01}4052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120524Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120523Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120522Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120521Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120520Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120519Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120518Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120517Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120516Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120515Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6170-615D-9A02-00000000FD01}4052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120514Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6170-615D-9A02-00000000FD01}4052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120513Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.851{49C67628-6170-615D-9A02-00000000FD01}4052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120512Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.725{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BCEE3622B0AB33727810E52B8E825654,SHA256=213D681DD2335534F9767ADA6396728DC0338D41F7BF188C2326E64646FD0D8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137632Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:24.581{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=885D269DF76BF492A8FE8F47A09EBAF0,SHA256=09E8B9F81BDB5AECA32D0346E5E9588B058E49C96D8C83766C72A77308B7FCB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120511Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.521{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F1C6838ACC21738B146D0D14A1C2A786,SHA256=636D17A2EE24BE914FB9D12B5C0C0406537CF59AFC876DA65B8997B30B887DB9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120510Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.459{49C67628-6170-615D-9902-00000000FD01}19643408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120509Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6170-615D-9902-00000000FD01}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120508Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120507Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120506Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120505Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120504Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120503Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120502Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120501Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120500Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120499Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-6170-615D-9902-00000000FD01}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120498Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6170-615D-9902-00000000FD01}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120497Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-6170-615D-9902-00000000FD01}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120528Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:25.850{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A0EA0C8393FCBF22DC7E340F76F8D0EE,SHA256=BA78BDBC9E426A0F1A163C3BDCC9116B673A59575C8834D80740622BC289E9A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120527Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:25.771{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCF29CBCABA497CDE09E5164565B7698,SHA256=5CF9D7153A5A3C19FBA39B6A73DBE35151C4051D72B8F96DBFE024C1AF8E9024,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137633Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:25.628{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE8ECAEB6B2230BE76BC0F91903BA34F,SHA256=49C70B5F06B67E63D730059444D1CD95BBBB543262D912AC692F5F099476D2F3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120526Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:25.006{49C67628-6170-615D-9A02-00000000FD01}40523540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000120530Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.609{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50585-false10.0.1.12-8000- 23542300x8000000000000000120529Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:26.771{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4D0A8607CB05DA95162627798BC34AA,SHA256=A2FB702F08E9EFD38BA134E3D193412637E5E3F6C32C0D6ECE68CBDABD627FCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137634Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:26.644{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C3C222C44664EC71914EF52B3BEED17,SHA256=D84298EF0E594F5624014EAA45BE7D8BCBC051F7A69C799AE588864725129C64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120544Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.990{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D96F54D9B5ACE3FE3A5479E54EFCDE91,SHA256=BBCBEF15AFF3A783E8E3AC42B99C1312242BBFCB33A6B8B8116F7FEAE1368CD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137635Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:27.675{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27717A4FD14D7CC63326407D7C63A11B,SHA256=79C9C855C6A7DDD0F648034545EB83A9A9CDE17A581CB4D8B4A0D4EDA346F8EC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120543Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6173-615D-9B02-00000000FD01}584C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120542Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120541Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120540Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120539Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120538Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120537Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120536Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120535Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120534Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120533Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-6173-615D-9B02-00000000FD01}584C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120532Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6173-615D-9B02-00000000FD01}584C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120531Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-6173-615D-9B02-00000000FD01}584C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137637Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:28.691{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EC155199E44F6DC06E6D775E885C25E,SHA256=B2B3C2D7CDA25A05783A1455069B353D5249E912D7E0F537483C9316AB9F6CAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120545Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:28.068{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6F15163649B753693DC5EA83566C1D50,SHA256=8CED0FA4E5C9B355A3FF4CE58EF61E9A4DD7D79772B08B98F0D39F74D0183A32,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000137636Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:42:28.050{6EDEAD03-5041-615D-1000-00000000FC01}376C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7ba8e-0x17f0e7cf) 23542300x8000000000000000137638Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:29.722{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0A9643A8A44D969BA6CECCC8D982CF6,SHA256=F34B00421004C68C83E78BEB23FD93AC09CB44B0E5228D4A553F10361468E81B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120546Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:29.131{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46F2B28AE8CFB2F3032279695F93CDB1,SHA256=FD3C8389438A64CB471827B9BE32BDF5DBD2CF939E6503D6E2045B460DF20397,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137641Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:30.724{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5119ABDFFF900910300F94C670DF077C,SHA256=E6BD975EB496AE7363A4FFD301C8369EEA3546E90DA64F3236F77ACC0E0F35AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120547Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:30.162{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81C16E307B81C4DDED1AA7B0B258BD57,SHA256=1145911F9BC1C654C75CEA0AFA2390D65C5CCA67982AC0FC7E20E6E9CBEECD2C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137640Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:27.534{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64607-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000137639Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:27.362{6EDEAD03-5041-615D-1000-00000000FC01}376C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.14win-dc-676.attackrange.local123ntpfalse20.101.57.9-123ntp 23542300x8000000000000000137650Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:31.739{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=001E8E79DA22DD7BC7765C8F7B35412A,SHA256=4A0D9740758899203D550BA381070A28EEBFF082BC8FD7BD5280FCF49DD90BFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120548Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:31.371{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4104EA75AB85F07FD0B646FAFB4CBD2B,SHA256=153F8031812FB6839B70836BBEF73DB617F5A4A60979D629C7A5B38AF9CCA3C3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137649Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:31.255{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6177-615D-CD02-00000000FC01}5488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137648Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:31.255{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137647Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:31.255{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137646Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:31.255{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137645Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:31.255{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137644Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:31.255{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-6177-615D-CD02-00000000FC01}5488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137643Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:31.255{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6177-615D-CD02-00000000FC01}5488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137642Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:31.256{6EDEAD03-6177-615D-CD02-00000000FC01}5488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137662Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.755{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4057CAC7CD80D1E2F02E6589488DC655,SHA256=9117D63B5844EB49DD7B10816F03D5252111124A95EEF5B31CC4AF6A53547452,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120550Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:29.625{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50586-false10.0.1.12-8000- 23542300x8000000000000000120549Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:32.387{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=988F6A0529C6EA0FB2F23643F39C7E5A,SHA256=031E15683621CA387FC4BFBF1DCDE35356770EF1DF770DBD84E435F4224B4917,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137661Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.286{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F20188737FC0B894796D66D9D175AA2C,SHA256=31B16783CC7294BDAF0670FD7005C843CDE5E1F5138B78F4082CDEFFACE79D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137660Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.286{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0908078CB557D8B0ED92D6287294EC25,SHA256=38E93F75C923BB75BFAB7AB12F44394F0FA21019DA994F9A7DD2F4BBE25D6CA2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137659Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.177{6EDEAD03-6178-615D-CE02-00000000FC01}55043456C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137658Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.005{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6178-615D-CE02-00000000FC01}5504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137657Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.005{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137656Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.005{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137655Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.005{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137654Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.005{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137653Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.005{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-6178-615D-CE02-00000000FC01}5504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137652Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.005{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6178-615D-CE02-00000000FC01}5504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137651Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.006{6EDEAD03-6178-615D-CE02-00000000FC01}5504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137671Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:33.770{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C483917855860B89A3CE0E01324B6BF,SHA256=CDD3B7F2664D37C848EF3960E2A8093B0125F247DF0B83D76C99657077705520,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120551Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:33.449{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=171171DDF49015351C5AA30277580927,SHA256=1D60FF143489EE342E0F66E8269422B5277FDF983A42D824ED3C57B3A6B7F17C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137670Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:33.270{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6179-615D-CF02-00000000FC01}6036C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137669Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:33.270{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137668Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:33.270{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137667Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:33.270{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137666Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:33.270{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137665Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:33.270{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-6179-615D-CF02-00000000FC01}6036C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137664Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:33.270{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6179-615D-CF02-00000000FC01}6036C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137663Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:33.271{6EDEAD03-6179-615D-CF02-00000000FC01}6036C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000137690Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.942{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-617A-615D-D102-00000000FC01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137689Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.942{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137688Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.942{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137687Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.942{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137686Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.942{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137685Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.942{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-617A-615D-D102-00000000FC01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137684Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.942{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-617A-615D-D102-00000000FC01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137683Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.943{6EDEAD03-617A-615D-D102-00000000FC01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137682Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.880{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D45DB873F27DDDBDE9FF3DECB5C112CC,SHA256=6683BD51A9CD992FC15152F2ECF0F5F842650EBD552864E595B77CDED5291383,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120552Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:34.496{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1BCEDDE951AA5489E4979693BFA62EF5,SHA256=748A6CA239214ADFCAF039E3AFB65233CDB2A20B2869770D1952E66E98748306,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137681Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.489{6EDEAD03-617A-615D-D002-00000000FC01}3685288C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137680Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.349{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-617A-615D-D002-00000000FC01}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137679Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.349{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137678Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.349{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137677Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.349{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137676Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.349{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137675Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.349{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-617A-615D-D002-00000000FC01}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137674Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.349{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-617A-615D-D002-00000000FC01}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137673Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.350{6EDEAD03-617A-615D-D002-00000000FC01}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137672Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.270{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F20188737FC0B894796D66D9D175AA2C,SHA256=31B16783CC7294BDAF0670FD7005C843CDE5E1F5138B78F4082CDEFFACE79D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137705Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.911{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DDCBD347DEF08EAD6BD57A5D8F933D4,SHA256=25BD7069587B61006C8F429972CEAC68AB9073BB0F11B2E98F7CFD46556E2E1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120553Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:35.511{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40D952B3442D1A196672720521CCA748,SHA256=F4AE73142F340B44262CF7C9BAC2309287B7827EBB631E231BE9DAB39FA33309,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137704Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.786{6EDEAD03-617B-615D-D202-00000000FC01}57843864C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137703Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.614{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-617B-615D-D202-00000000FC01}5784C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137702Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.614{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137701Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.614{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137700Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.614{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137699Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.614{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137698Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.614{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-617B-615D-D202-00000000FC01}5784C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137697Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.614{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-617B-615D-D202-00000000FC01}5784C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137696Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.615{6EDEAD03-617B-615D-D202-00000000FC01}5784C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137695Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.380{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4236B68796A2D16EC58717B8601DA643,SHA256=719DC1ACE0F3A9E452C2145FFCCE9886CFCF3FA7C5175A5F6703171EF35A8AB9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137694Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.786{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64609-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000137693Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.786{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64609-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000137692Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.539{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64608-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000137691Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.114{6EDEAD03-617A-615D-D102-00000000FC01}30843012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000137707Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:36.927{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F67965509C51EC5E979D119019B8DF06,SHA256=97E3B6A0B56BB9A85FF6B0F286656881FA785A18A71534F8AD1247668F9FE65E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120554Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:36.527{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4951D24268CF54F5F098753FF14DCE79,SHA256=1F371616DB6462429DB76D9C718DE20C823D35A3914E589EF6333BC51E5E8371,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137706Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:36.692{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2086565840728603A7F1D97107E54DDF,SHA256=E99A196DE5182B06D3F444D36F61E6BCEA39AC671758252D1267CDD9FD59DD43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137716Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:37.942{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0849312EC56BC431E9DDF709AC0A6965,SHA256=A95FDF331C864EEDFA71F4B1ADC59BDE3B35F87DF1B2AFEB72810CB7764DB37B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120556Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:34.646{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50587-false10.0.1.12-8000- 23542300x8000000000000000120555Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:37.558{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=359AE135B597A5ED67AF273C009EE008,SHA256=55AF2D96B8532C3CD24FA7A69D7826C66CB2661571900AC1A13B40C9255B5E1A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137715Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:37.770{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-617D-615D-D302-00000000FC01}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137714Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:37.770{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137713Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:37.770{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137712Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:37.770{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137711Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:37.770{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137710Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:37.770{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-617D-615D-D302-00000000FC01}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137709Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:37.770{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-617D-615D-D302-00000000FC01}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137708Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:37.771{6EDEAD03-617D-615D-D302-00000000FC01}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120557Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:38.621{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9BEEC9E36ACCCC4E5FBDAD234ADB355,SHA256=1BA1F9BD6C0CDD58338453356F9837B4DFDA493F01AA80B6BFC60077E40F1CB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137717Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:38.786{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9048FE2AE86EFBC2A42BE9C02F08A7A0,SHA256=6BACF39E87DB24B666A8BF4BFDE4276174D5CC05675DCBD79BFF5DC7DE9E54D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120558Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:39.621{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9176208222FB17BC9E932B45E6172BC,SHA256=CB33C1E9AA847B9870D07768F394B45F2A502563DA91300AD0EEE8C6E3743D7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137718Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:39.177{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5B0A9F303C7F17D0CFEE446C2C220DD,SHA256=F93D8F5AB66981FE8993B23EB22D172FA33E1D0D3C72AA412FF2A41DA497B547,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120559Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:40.777{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7101450AF02E5B99A2D21C8FFDCB2D74,SHA256=A7A19CBE29914D7F6C8D9D542C78FBCE32A7659B1B18751E50E62772F2FD3165,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137719Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:40.255{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14CD9E44095A443BF2B541188593FC40,SHA256=B41F8B73A308AA6285D85982D5ED915F3598123C4A17120E48A3228C1652AEEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120560Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:41.808{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=654D0BA4AF193424C6059EE14E529D6E,SHA256=92C108AB317FBF122761791415EBCE4F1822244E45E26459BDBDF8E708CB5042,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137721Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:38.427{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64610-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137720Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:41.270{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91152D8BFB760F79A1ECF418218F5BD3,SHA256=A0506887A6393A6EDD3852AA35F4C2AD6613211A466DEDFC88B52F6B1274E481,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120562Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:39.662{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50588-false10.0.1.12-8000- 23542300x8000000000000000120561Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:42.917{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=424784D2CE10E2AB6C4EDFD1BEC62485,SHA256=5D85A36BC7E35080B0820D9E90DA06DA71D8E398FAD9BA3CE3E7D293A3420C88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137722Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:42.286{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1BA570EAE7375E0B062EFB924C2D6942,SHA256=35409890C42806FBDE616CB8C4F2A18E45BB439C142A464360BD22C580F6B45B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120563Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:43.933{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EB10948395F648BDC02D5E784505AF7,SHA256=2E7CEBD1950156788C97C3A61E6155EDC9571B7B963EE9C6F33164B320DB3D09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137723Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:43.302{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FACA604C4B8F142FA94896A13179FE99,SHA256=B57A333D88086B43A4761A756CCF4B35A16491454AD3B087E352AF844CC5B6EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120565Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:44.995{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=014BD8ED742E239E35101717C7AAA0B8,SHA256=D3BCD0AF49EDDCA77BB940716A3774B2EEC2F1A83FDBB5D4C1D6C37C511414F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137724Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:44.302{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD2CE9851265ABEE6A0B6D22ABD928CE,SHA256=B9C3CDA523387C1CF4FAD2F3936976FA657F7777A3AE01FB88968AAE1226E68A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120564Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:44.339{49C67628-5044-615D-2200-00000000FD01}1580NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137725Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:45.317{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37A8773F3BB26D34DC350D3C66E72DB4,SHA256=6D78CFD717FC6E0851547A4D45F76BA4C0CA433C73586BC69EF669A4E9310BE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137726Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:46.333{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F0AFD84D845120FFA8CA566EE5DB0BA,SHA256=711A7F153DE0491C48693083B529DDB1E6FD070AED3EBE14675BF6D47C4D0BEC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120567Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:43.849{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50589-false10.0.1.12-8089- 23542300x8000000000000000120566Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:46.011{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE0866CBD9D8FB65714B07338B3BC926,SHA256=72B8CF4E72674CC11140C56B723ABE63FC565D68B9274488F86427E623874BDB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137728Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:44.396{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64611-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137727Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:47.349{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52AD035EC25BA14662227F01120EF447,SHA256=0CEBE433ED0BC8B45FAC4993748185D99B2C40EAE26003621642F38BCF89E8E5,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120569Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:45.615{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50590-false10.0.1.12-8000- 23542300x8000000000000000120568Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:47.042{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9E89C2003D96752A3CE4F2169D11A5A,SHA256=F7345794A32D3EB18A59CB703576574100AF9AAD633A955CAE90BDF3D9565B52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137729Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:48.364{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5EDB8348E010D3BBD9DDFDD658878032,SHA256=33E5D40986A96D431FB5381E74F98ECAE3C6A0EE45103B80C6AEC6CCF42EAE14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120570Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:48.089{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E416E6EA28B6C2CDA02676635966F73,SHA256=172651248410FF355A245785BAF770A5C8E411CD62CCA3CE1D29DC08417C966E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137730Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:49.364{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8E9952ADDC0FAFAAB2AEA357E5DED8A,SHA256=4FDA78E743DE6A59C788767DBC43B816C9460568AB9F0A79BD2048C579BC1794,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120571Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:49.308{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2C31A5F7C3B4EF5F0C8947358E65E33,SHA256=394F1B93789A52092A3AD1DD8F42FCFC8F1B7CB18081BB2DD8C283EFEFED29C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120572Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:50.336{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13999F9ECA4C270469F6CCD69B632EBE,SHA256=6647571D243B4053DA05785E3B7A8B6990B8E892DB83FA4223DD4E15BB32078B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137731Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:50.423{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFFACD98FCF9D56726CCAD6CBA315CD3,SHA256=7E99D53F74ED7E1C339F8C6D78CE158EE5962158469831430B55B83EE9FC35FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137732Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:51.501{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4FA26DB9F72925A70AD4AF77D3749BC,SHA256=585BE7862CEBB86382D83C819BAB24AE1505D5B9E3A26E460A5D798BED9E893F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120573Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:51.476{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DEE0B8AD1FC32F381F46F4BA652D5B64,SHA256=DFFEA277265BFA0BB2ECADF9CE1F19F456E76B86CE24459E7CBFD67B9F6C9DDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137733Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:52.579{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78690B90D6FCD7CEDA8FBC6C62D511E0,SHA256=99F16EF7238E9416873016FF882F0F5DD88B077B6CB2B69929155C1DAD455DD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120574Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:52.492{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7D537B6BF1766235DCAACE3868FCB5D,SHA256=A7AF0F500827BEA04A0FFCAC50F710B5091C2A3A99BBC165593501D96A35A981,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137735Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:50.423{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64612-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137734Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:53.595{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BCA64AFF704E1ECB5A0ECF8EF05C128,SHA256=C89A79526B2A95CE6F381CACDC4988B6004C36931A23E26E4DEC997FBFA0C8AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120575Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:53.523{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CAB69E47F1C553EC3A8FDDC7E6CEB58A,SHA256=F660A7E17D0639E52AAFE735A8750640F20BE61258476D818E3F41868CFBF253,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137736Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:54.673{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C463E9C16A04473D8CBC449618F25A7,SHA256=2C3AD534761B858157E116D6B18B9D562BE0304D010AB05880CE35A84AF297FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120577Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:54.523{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A92D5F8C6D71D025305E52DC410E84D,SHA256=8468D4EE5DF7382E8AF57D84AA9D32140999517C052A68754A1F972AADCDD649,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120576Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:50.736{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50591-false10.0.1.12-8000- 23542300x8000000000000000137737Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:55.704{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CFAC3FD5B1DDBD02E37B82C65286307,SHA256=3FB4CCE6F3DDDEF028C1F57D868852F2D7E73AE5112BCF3CA99ECAC13F9C5FE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120578Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:55.554{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E03B0846A76C5C119AE85D3F8C1C976,SHA256=EC5757093AE098F11B75368F66A94F5302070AB0A7FCCF906CBA3DA7E88FCC8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137738Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:56.720{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2F342E91F7E7F737CE80B364EB33DFE,SHA256=A0F0397549FF3E86FFC978418040C8949937CDD81C414B180108ABAADEF1A5AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120579Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:56.585{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9FCC181A0C3572B9FBFB962E632985C3,SHA256=CA41837D734D07E181C7D663034730FDE3E01EFF8B3382387882573543D2C71C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137739Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:57.813{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82FD5B303F133530DCDD56F303A03BCF,SHA256=901562C3CD0EA28D12FDB201A64BCCA5E78B07D3B2AC9E5D37A0B77C35BBA3CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120580Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:57.601{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4751F7E5762E09DA92B74AC14E735D72,SHA256=FEE53803A1596E368CF08EDF25F20D7B93AD8DEAAA4B420B11EEB0EBF50A64D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137740Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:58.845{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70524E8BCE1224C1282806C01BA2ED47,SHA256=BF23D41DA3D87E8DB0B8E8423AE6EDDE4DAAC9A94A311280E1623D01213258D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120581Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:58.663{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56EDAB182F2757CE6B7DC9CC740D5BB1,SHA256=B2D3C26C956E3E6221F8B599525DD80E837602648B2A7D0D1736E7A207A3A9E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137741Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:59.860{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19CD300DDFF091302F51FD786035537C,SHA256=21C6874FA5212BC6E549DC2E342A90D5BE238E12B3C6128C572814039B07105D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120583Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:59.727{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DD9622A9D56EBA6AC2E3E8959939344,SHA256=D55F7DFA71A9058E329FF9D9E2840BA5A51E853BD8F92BC1FF12A6A3C5870C3E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120582Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:56.642{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50592-false10.0.1.12-8000- 23542300x8000000000000000137743Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:00.907{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89C2B7705268DB2BCA983F817487562B,SHA256=BD75F8223B25C4855A6D492D090915FEDE98E1B22365CC1219EBD8CE74263177,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120585Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:00.837{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=716650BE2AF7FCA918D3AAAAA293C724,SHA256=FC29AD906EFDB0C58B6B01A5B7F6411B96543B68269738EC6E9FBAB18964C938,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137742Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:56.438{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64613-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120584Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:00.043{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211006072910-071MD5=266A8C17E3E1B8A0B29A8C5E77CA200E,SHA256=01EFC44F32696762DC9319663F7889EF6AAFD7A8B30AE6A823FD17BD5EE43D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137744Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:01.923{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FEFDE58C3D8A883C53FA1BE5C2FFFE18,SHA256=2006F5C275BA83603DEEBDF3AD29339DD274FEB03ECB72DFA3B5763C1899C9BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120587Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:01.852{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32106BD199347DB2629A149E299A9E66,SHA256=6E31FF36F45E1A878223BBFDFCAAD1D87AB9CE5DAF7AB312156800397D6B907B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120586Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:01.040{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211006072908-072MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137745Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:02.954{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18DE0492112A1C7BBF184B54B9F0E85A,SHA256=B0EAA991D023ABD5A4262A6B51C27634A9F6604CF6DE190C12B242303A21298D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120588Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:02.867{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=307383CBBE94D353C184333A3C08D1C5,SHA256=38D30F071B2F129C89473CA03055FAEB2F84002CBF1B01C6AC147C84CA8BDC10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137746Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:03.970{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F1EA6616B0945F3F96906729D82957D,SHA256=CA302C7DCF7807B6EEB4384D37B034681B3F68A8203EFB8271734F9A1DA77893,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120590Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:03.867{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17CFCD281EC20F1428F77DB156DEEB90,SHA256=FE0363E547456ED0D5A0CE978A78366B9299E2AA7F9A85C5D0489519DDC2366B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120589Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:01.642{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50593-false10.0.1.12-8000- 23542300x8000000000000000120591Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:04.883{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=611491D24825655ADF60ED998277BC1C,SHA256=062DDDFC798135B537ECD2A7D1874B26F0D56B040AAE8062A953EF2FB38DCF07,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137747Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:01.548{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64614-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120592Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:05.898{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B66064F3FD8D86B93E03EF58A7022E9A,SHA256=80C04BED82ACB1398E35FE3254D4ABE0C39822E4A92FF38D30B4430F4258EEED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137748Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:05.001{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B6DE60D948DA6ACAD56FAE10C591089D,SHA256=732AD34D51E1B99CC2CC3F4136BC45BB4029D43B83CB906C6B772720D1EA137E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120593Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:06.914{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00BFF100521B4FC0561809C472748CE2,SHA256=9FBC15A2EBEDA17E3A6BCC047BEE18A9D4D66A303E2AB8D2CC987E37D8834AE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137749Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:06.032{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBC38F3F41ED2E2DDCEC310D1DF9DD25,SHA256=C327E897827CAD9FD9BA6001EBA3AC56A4B4D62A588513AA73441BEDF52528A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120594Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:07.930{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD465E2EC1385A19185D6DA5CDC978A1,SHA256=CDF6135E449D0ACE65692E403A1809AFE3B52D8D7C6F55E95AB0F00BF42C3050,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137751Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:07.048{6EDEAD03-5041-615D-1100-00000000FC01}380NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=C6AEE9AE2489880645072B669378ED16,SHA256=1A8B6CD30CA35FCD4804DF39E20B2F4277BE4FD5136FD5E5EDEA8737CF12A429,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137750Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:07.032{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=439937ABF602D003EF9E83BBFC14786E,SHA256=4B1488AA8456A1374F4E33132157611172668394B60E822DD2411EA2E3492E48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120596Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:08.945{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13097E5C108361D4A3D2B41CD11C4A44,SHA256=EC0CF7B130E230F6C0148EFB0810C323399373DB507F66BC220DAB0A244EAFAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137752Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:08.095{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29F5AA0B6A84DE3633836F643ADC4A6B,SHA256=0C32DE7889F35F4265695FB32A27F09D7DA2FE184AF7CDBFF19F29B14665BC9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120595Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:08.789{49C67628-5043-615D-1200-00000000FD01}1012NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=500EA172E1891B506C596CC3F5AD4785,SHA256=0FA71798AFF6B022FB2EF1CDDBA2253DA19768C845A334A5CC8B1AC2AE574482,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120597Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:09.961{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F4E801B25C72A314112C1491B232AD4,SHA256=EB7F417CC13BC94C91D733177E8BF8FD273585B04253C25E5B4A9E9A33021400,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137754Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:06.579{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64615-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137753Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:09.110{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77D6F4FB2FA82D5A23CAD86287C1CEFF,SHA256=9AD2D03E2535A480B7D9597A7AE4EB2ABD7BE5D3C0D4665C97A756ABFE99ECD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120598Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:10.961{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E9A70D42A34732E3E3F4B3845132410,SHA256=06587904A9A7AABB6AF78C41B59933C24A99A5EFE569D0AD7B2CB2D59EEAA6C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137756Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:10.801{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211006072921-071MD5=58D52BFFD80488B8005F7C319C2D4334,SHA256=B9D8441D1BC2ED8425146F5F211E2A21C477807F4E0B7EBAD9811C868FAB9279,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137755Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:10.110{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6187E4F8675872DBF12DD11E0AF519D5,SHA256=84AAFB0441BDB41FBC1200D8DB4CC7A36F0B7AB877503D372DB7CB91624EC1EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120600Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:11.976{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2950F6B2B8AEE887A99296FE39B8372D,SHA256=B1FC904A44A9AF05D72748420B5B9C59BFBCDE726BFC3C8D62AF2534CE13DA11,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120599Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:07.595{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50594-false10.0.1.12-8000- 23542300x8000000000000000137758Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:11.799{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211006072919-072MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137757Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:11.345{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E18E21EB48BBE969971252BCF4B81D7,SHA256=E95354461F7D70032CCFC0A2F6FA847FCEBA0DCE7E3FC0A822B2D25DE6626CD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137759Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:12.378{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D84AA44FC05A5956B77672661C59859,SHA256=FDD757EDBF25DDE9639DF69CF419BA3F37C791E43BB8A1B98056D50C1AC70CF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137760Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:13.440{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=010E20BBC4868AC6C077DAF93BEE427D,SHA256=2152C3F4CC3893056901A2F30DBB7264F7691EFC83E0662A459396AEE164538F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120601Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:13.195{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=018AB6B91EB75D39817E915CCEC48747,SHA256=22522A39E7B13ED0944B042E377136DF177F183873586DF639921AE68D54492F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137762Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:12.347{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64616-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137761Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:14.456{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AA7A1371D019C3D7F3825285F206260,SHA256=2D73D5D26303EE55CAD5C4AB7658F53D60A416F4CE822F22305C88F422890009,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120602Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:14.211{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F16E2D868262E691D6C0E8BA6A6DF13,SHA256=3AF96F67B634ED859912C8516DAB8169961B12BE1E895048B7FBAA8E0921C02A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120603Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:15.242{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB97A020321C666D5C780A92167E3335,SHA256=F91CFDDCAEACBD21A1E15296638CDC71B1F157488E5AB97B3BC78BB2C83012F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137763Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:15.487{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BD4596F1E1F37FF3E1C8CB0E87C0EBC,SHA256=7A100BEDB11E02C45C1F872323DC1A166BA3CBCF74B497BD538E570006852B48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120605Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:16.289{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=155EBF38DDA350E000BA61AD1FB66978,SHA256=C13AF0B6A3B13D90624964D04D93564E70FF31930A5B5CFFC7B6F6CA88112866,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120604Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:13.580{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50595-false10.0.1.12-8000- 23542300x8000000000000000137764Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:16.503{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B91744157FE230CF0166023E899958FC,SHA256=304AC7533FBA97966F33D765B00DF1A6D25D27259D91A75B7D9B0F5F11314D8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120606Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:17.290{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9E9C82DE95BB845074CA3082F5F37B5,SHA256=892D7CF18F0AC216BAC23F7DA1081DCC6E2ACF850318843ED604E4FA8FF1C144,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137775Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:17.519{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=62C1E5B0544B10012B0FD5CD30CC1B91,SHA256=D0DEEF9B46714A61DB6C65B26CF7AE942B462962DBDA739D07A315BEC5D07F3F,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000137774Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000137773Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00448b0e) 13241300x8000000000000000137772Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7ba85-0xd2c6546c) 13241300x8000000000000000137771Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7ba8e-0x348abc6c) 13241300x8000000000000000137770Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7ba96-0x964f246c) 13241300x8000000000000000137769Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000137768Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00448b0e) 13241300x8000000000000000137767Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7ba85-0xd2c6546c) 13241300x8000000000000000137766Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7ba8e-0x348abc6c) 13241300x8000000000000000137765Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7ba96-0x964f246c) 23542300x8000000000000000120607Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:18.398{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81ED9C3185400AEECA0DEBCE830769F7,SHA256=F6C4635CC3C1B45EE9D96978132EB888600A67DAD109312A5D29114CDD3F0502,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137777Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:18.987{6EDEAD03-504E-615D-3000-00000000FC01}2448NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137776Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:18.519{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F26D57999B852C5FAB2CDB20A62F4D7,SHA256=7F41C14AAB6DD526BB4B43AEB4A8069370E9B6F4047E443B50DB9B88405AFA59,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120621Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61A7-615D-9C02-00000000FD01}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120620Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120619Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120618Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120617Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120616Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120615Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120614Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120613Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120612Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120611Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-61A7-615D-9C02-00000000FD01}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120610Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61A7-615D-9C02-00000000FD01}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120609Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-61A7-615D-9C02-00000000FD01}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120608Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.492{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7F465A3733BE7BACDA7CC4CA1B00E74,SHA256=58E046AB89349D4100FF518EAB9E23211DCA0416A5A572DC8BE744E3BAA3E350,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137779Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:17.393{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64617-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137778Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:19.550{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4244BBA3CFD9B501E58031513D21FA7,SHA256=908940C4C9D5BEABC6376CC938AD5CAA76247ACFEBB4F96559444DE46764C34F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137781Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:18.300{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64618-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000137780Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:20.550{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DE5E84DED9F0D03703FE3A19AAA9EB6,SHA256=1D3A9437AA4A2AA37073914A2E4196157E3053860FFB93ABBB8CEFCC91CF099F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120637Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61A8-615D-9D02-00000000FD01}1204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120636Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120635Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120634Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120633Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120632Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120631Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120630Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120629Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120628Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-61A8-615D-9D02-00000000FD01}1204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120627Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120626Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61A8-615D-9D02-00000000FD01}1204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120625Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.587{49C67628-61A8-615D-9D02-00000000FD01}1204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120624Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.523{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=306B597B144C5F2E052184B8BD6D8FA0,SHA256=3A5E3304E9989F9AA2AB4DB2B1A5EEC5DBF3A94FBC9B66A34EEC6F8E562C48D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120623Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.523{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD05434BDD607599223B496847BE0F34,SHA256=F43DF5F3FAAC5D176C505951E024003F892B09E2B88EE6E1D782B5C6C749D378,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120622Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.117{49C67628-61A7-615D-9C02-00000000FD01}5044000C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000137782Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:21.565{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E6C641A7F323B29A6BC93DAFB2E37ED,SHA256=CF99CFA9D0FAD7E3E1C3E25FFBB27ACEBCA5B6D8A0B5FC1522BA996C918994CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120641Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:21.554{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2EB3E16A48967A862C80730B61C4D4B,SHA256=EAB18D3CF857B27C0260570371A650786DB36B0C2E71112D5A938E473B642111,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120640Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:18.705{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50596-false10.0.1.12-8000- 23542300x8000000000000000120639Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:21.117{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=88320187154CD9847783E00016779C81,SHA256=9EA7894EE308B2D5F86306470EEE30935B4DDBAC504DEF2FB8ED1CDC4E100B55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120638Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:21.117{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D0C7FD5B171F25F7DDCF8A3356C3F925,SHA256=D29FF979DC7E57855F999E67E87130AF80804667FBBD55B52111D7816F920B1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137783Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:22.581{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B52CC56F483CF305C054420CD3F1EE92,SHA256=7EDF1322061436F62C83B355AB2D1F77A5FB49BD0D82CC25F8F6790F1D8DD93F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120655Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.586{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=358E9649A1B81C06001276A2A906D737,SHA256=7F1089D28ED75D062FCFDA3FF584ED2FFDF53F17B4C6CE119503427194F6E69F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120654Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61AA-615D-9E02-00000000FD01}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120653Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120652Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120651Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120650Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120649Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120648Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120647Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120646Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120645Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120644Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-61AA-615D-9E02-00000000FD01}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120643Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61AA-615D-9E02-00000000FD01}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120642Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.305{49C67628-61AA-615D-9E02-00000000FD01}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120671Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.632{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9381250159AC434EB863573DAF7EE184,SHA256=3C1A5501E7CE5D6FCA73ED0895AC83BE5F6E1A68F825437BC700A7B518DD22EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137784Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:23.597{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E92A6B6CE606A74C893929FE1556168B,SHA256=B266101890FF814CCFA2E42B88BB2BF16147C8670E2F98843761A5C372F7C618,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120670Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.554{49C67628-61AB-615D-9F02-00000000FD01}22043288C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000120669Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.429{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=88320187154CD9847783E00016779C81,SHA256=9EA7894EE308B2D5F86306470EEE30935B4DDBAC504DEF2FB8ED1CDC4E100B55,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120668Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61AB-615D-9F02-00000000FD01}2204C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120667Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120666Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120665Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120664Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120663Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120662Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120661Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120660Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120659Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120658Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-61AB-615D-9F02-00000000FD01}2204C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120657Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61AB-615D-9F02-00000000FD01}2204C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120656Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-61AB-615D-9F02-00000000FD01}2204C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000120699Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61AC-615D-A102-00000000FD01}1480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120698Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120697Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120696Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120695Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120694Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120693Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120692Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120691Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120690Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120689Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-61AC-615D-A102-00000000FD01}1480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120688Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61AC-615D-A102-00000000FD01}1480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120687Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.977{49C67628-61AC-615D-A102-00000000FD01}1480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120686Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.695{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D93FFCB41F54A9BF2F6F2F43C615A883,SHA256=0DAC3F7147F6914C20BD568A788D3E553829E125038263AAEB821DBF7D7F63C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137785Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:24.612{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E71F5C29B75B8EA8859425CFC1765BF,SHA256=1FE3C792891F02E1BF6FF3D5D01187AC69D8E0AE6BCAF1A048AF71F329E1CECC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120685Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.492{49C67628-61AC-615D-A002-00000000FD01}22803344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120684Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61AC-615D-A002-00000000FD01}2280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120683Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120682Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120681Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120680Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120679Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120678Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120677Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120676Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120675Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120674Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-61AC-615D-A002-00000000FD01}2280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120673Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61AC-615D-A002-00000000FD01}2280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120672Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.305{49C67628-61AC-615D-A002-00000000FD01}2280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120702Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:25.710{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DEEC41F493F0000D001AFC0E1313BAF,SHA256=E76C127CB917092DC9CFE081E9CDFAB41B879895EAC4E2A5E5BDC680379DA463,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137786Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:25.644{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D842F562E008EC328F7B051F119F90FF,SHA256=C7B42BC59E23DB8F524F3104852E37C90D35AB8D9A7B43D7E254A6C086995A67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120701Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:25.320{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FFE6101DF17DF03A3185D426662505FD,SHA256=0607B4386F58B3031C2531A7156F948090068D423D1A6F118A9E4184A291B7D0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120700Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:25.195{49C67628-61AC-615D-A102-00000000FD01}14802500C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000120704Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.610{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50597-false10.0.1.12-8000- 23542300x8000000000000000120703Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:26.710{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E048DCA2C1B84FBCB6202836AC9361D7,SHA256=C7605F4517CD07901D7381D45C96AA82A08E96D468D44AB4B7820B467F76746C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137788Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:26.659{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=118C5368FAF2E3606D1DFB26E6D01F11,SHA256=7122B9D66AAAB78C61F2D8770D539EFD421E10E0CABC57E984C7D941E95CE57F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137787Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:22.534{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64619-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137789Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:27.690{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8AE06352FEA7BD9F5B4F45DCD28AA278,SHA256=3A3DF2DEA65BA3958E5AD0F445BFD6917F3E4A5379864485A230E5943E4B59CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120718Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.726{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=459B5BA67A2A3AE4536D95013F2F3D3D,SHA256=9683D7B4897052AC7AA41B6D17B9B45F81995F5843A57910DDF095D3E10AC4F6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120717Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61AF-615D-A202-00000000FD01}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120716Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120715Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120714Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120713Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120712Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120711Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120710Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120709Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120708Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120707Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-61AF-615D-A202-00000000FD01}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120706Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61AF-615D-A202-00000000FD01}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120705Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-61AF-615D-A202-00000000FD01}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120720Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:28.741{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBB9EE23CBF93FD52A8F891497DE9050,SHA256=0E944E6C0DC5FA5D09A4F0C4A9D1FF1C81DAE37A396DD2FD923E257D49233DFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137790Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:28.769{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F402A4772889B78E8AF5986492408C1,SHA256=4346E051E88366ED636BB1ED8B34B1D00EC4CDC1862BD30967672C0BFBB0D1EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120719Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:28.054{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=243E74FDF17A7BDE7DA672191D8FBF42,SHA256=6E00FCC54D23E75C18DFDCDC67CDB2C82F1EB3E2E01D7FE15AC896CC47D54E94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120721Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:29.773{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0240EB757646D857BAEDC0269B1BF45,SHA256=D2EE9DC1596BCBFA44F7F13882E749A616A295F1938B02A89BBB93AE3D2D6E46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137791Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:29.769{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5698280D96C3ED44196E44DF6C290BB,SHA256=50258D6E9520D45378B79E19DBF8B8A9F2D50F91B554EDE6E6007DFDBE699565,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120722Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:30.778{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC671A6403BCA785558D3F04CD2CECA2,SHA256=41D8830F5C961466616700E9AE884CD37B6623A4D56491653F83620C2FE812B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137792Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:30.771{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73DD2FBCC3AB1A8D8D650222D22F8C60,SHA256=2FC70A47C901D7BCD540D2380233F29B74DE35D3C81965F9176C6ADB5A5D5E65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120723Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:31.793{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADCA1D7A9441D1DC5210BF82A41617D4,SHA256=83F942CF38A46A8C6EEF756DE8BD512D99969CF8A9131EF43053843E19DCC6E2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137837Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.880{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-61B3-615D-D702-00000000FC01}3652C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137836Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.880{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137835Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.880{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137834Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.880{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-61B3-615D-D702-00000000FC01}3652C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137833Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.880{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137832Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.880{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137831Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.880{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-61B3-615D-D702-00000000FC01}3652C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137830Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.883{6EDEAD03-61B3-615D-D702-00000000FC01}3652C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137829Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.880{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6328BBEC277510D2C70D873BAFF81764,SHA256=B9C8E2A2B2E01C2EA17E9E6A3E26025DF48878E52C6A9FDCC7D3431EC773C39D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137828Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.552{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=FEC10D032D4C1482EC3344D080A18D86,SHA256=CBDF3330B6C32FD99081CE872B01E880416AC799D4023A8AE33EE52F1179E5F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137827Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.552{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=3F02BB4A8F71D872C238988C05D98512,SHA256=0D35CD6A3A23CA28FCB7431ABF8D449676CAC4A4FC6709DD4A342B00F6F3F14B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137826Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.537{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137825Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.537{6EDEAD03-5041-615D-1600-00000000FC01}1292756C:\Windows\system32\svchost.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137824Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.521{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137823Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.505{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B3-615D-D502-00000000FC01}5596C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+7396|C:\Program Files\Mozilla Firefox\firefox.exe+57b9|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137822Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.490{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137821Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.490{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137820Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.490{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137819Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.427{6EDEAD03-538E-615D-FD00-00000000FC01}1004524C:\Windows\system32\csrss.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137818Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.443{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137817Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.443{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137816Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.443{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137815Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.427{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137814Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.427{6EDEAD03-61B3-615D-D502-00000000FC01}55962436C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+8ba5|C:\Program Files\Mozilla Firefox\firefox.exe+57b9|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137813Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.442{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe92.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372MediumMD5=DBDB3EFACC3D9039A4F5703662099178,SHA256=534A44A08893AFBE78E04B4CFF80BD00BFC40562A923E8AF38E240227A643FFB,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-61B3-615D-D502-00000000FC01}5596C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000137812Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.427{6EDEAD03-61B3-615D-D502-00000000FC01}55962436C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+7396|C:\Program Files\Mozilla Firefox\firefox.exe+57b9|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000137811Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.localInvDBSetValue2021-10-06 08:43:31.396{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exeHKU\S-1-5-21-1984405510-3441252591-1346373189-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files\Mozilla Firefox\firefox.exeBinary Data 10341000x8000000000000000137810Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.380{6EDEAD03-5041-615D-1200-00000000FC01}8484828C:\Windows\System32\svchost.exe{6EDEAD03-61B3-615D-D502-00000000FC01}5596C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137809Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.380{6EDEAD03-5041-615D-1200-00000000FC01}8484828C:\Windows\System32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137808Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.349{6EDEAD03-538E-615D-FD00-00000000FC01}1004524C:\Windows\system32\csrss.exe{6EDEAD03-61B3-615D-D502-00000000FC01}5596C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137807Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.349{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137806Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.349{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137805Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.349{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137804Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.349{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137803Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.349{6EDEAD03-5391-615D-0E01-00000000FC01}4800400C:\Windows\Explorer.EXE{6EDEAD03-61B3-615D-D502-00000000FC01}5596C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+a909f|C:\Windows\System32\windows.storage.dll+a8d15|C:\Windows\System32\windows.storage.dll+a8806|C:\Windows\System32\windows.storage.dll+a9c78|C:\Windows\System32\windows.storage.dll+a862e|C:\Windows\System32\windows.storage.dll+ab445|C:\Windows\System32\windows.storage.dll+ab7c4|C:\Windows\System32\windows.storage.dll+aae00|C:\Windows\System32\windows.storage.dll+ad62a|C:\Windows\System32\windows.storage.dll+ad3e2|C:\Windows\System32\SHELL32.dll+3f8bd|C:\Windows\System32\SHELL32.dll+3e456|C:\Windows\System32\SHELL32.dll+801d1|C:\Windows\System32\SHELL32.dll+6716e|C:\Windows\System32\windows.storage.dll+10932|C:\Windows\System32\windows.storage.dll+10629|C:\Windows\System32\windows.storage.dll+104ff|C:\Windows\System32\SHELL32.dll+80257|C:\Windows\System32\SHELL32.dll+6716e|C:\Windows\System32\SHELL32.dll+18cf2c 154100x8000000000000000137802Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.351{6EDEAD03-61B3-615D-D502-00000000FC01}5596C:\Program Files\Mozilla Firefox\firefox.exe92.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372HighMD5=DBDB3EFACC3D9039A4F5703662099178,SHA256=534A44A08893AFBE78E04B4CFF80BD00BFC40562A923E8AF38E240227A643FFB,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 10341000x8000000000000000137801Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.255{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-61B3-615D-D402-00000000FC01}4348C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137800Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.255{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137799Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.255{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137798Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.255{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137797Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.255{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137796Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.255{6EDEAD03-503F-615D-0500-00000000FC01}408524C:\Windows\system32\csrss.exe{6EDEAD03-61B3-615D-D402-00000000FC01}4348C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137795Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.255{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-61B3-615D-D402-00000000FC01}4348C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137794Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.256{6EDEAD03-61B3-615D-D402-00000000FC01}4348C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000137793Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:28.503{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64620-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137841Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:32.427{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=FEC10D032D4C1482EC3344D080A18D86,SHA256=CBDF3330B6C32FD99081CE872B01E880416AC799D4023A8AE33EE52F1179E5F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137840Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:32.380{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=177C3354ABA3FA5CEE1C720FF4AD6921,SHA256=D04D7EB83833E3AAB77B7DD7311FF6E6CB3CA6D28EEBD0C817518EE73CEDFEA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137839Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:32.380{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6519550FC762DD3B4CDA15B08DA60EED,SHA256=87FEC69C36E059FB3477816A2982321062C623B8313045E39B24D0AF5C6E3FF5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137838Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:32.068{6EDEAD03-61B3-615D-D702-00000000FC01}36523520C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000120725Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:29.704{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50598-false10.0.1.12-8000- 23542300x8000000000000000120724Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:33.012{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE51C027E770EFD7D85E6CDFFCCDFD27,SHA256=782AD938ADE46A922D707967D75CB6FADF3997A5B8F29229193BF2BB411C3E2E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138054Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.974{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138053Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.974{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138052Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.974{6EDEAD03-503F-615D-0B00-00000000FC01}624672C:\Windows\system32\lsass.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138051Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.974{6EDEAD03-503F-615D-0B00-00000000FC01}624672C:\Windows\system32\lsass.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138050Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.958{6EDEAD03-61B3-615D-D602-00000000FC01}18923408C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a0b461|C:\Program Files\Mozilla Firefox\xul.dll+a6c6e5|C:\Program Files\Mozilla Firefox\xul.dll+d0281|C:\Program Files\Mozilla Firefox\xul.dll+19d6412|C:\Program Files\Mozilla Firefox\xul.dll+1747b79|C:\Program Files\Mozilla Firefox\xul.dll+167b2d9|C:\Program Files\Mozilla Firefox\xul.dll+26742|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+8b45d7|C:\Program Files\Mozilla Firefox\nss3.dll+7647d|C:\Program Files\Mozilla Firefox\nss3.dll+8e401|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000138049Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.958{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23F6183EFF28EE4E98EAB6A3C061C70C,SHA256=88D89BD78717FB7DB194776624C7FC6DD8BB8EFBD4E115D777D0AECC86A4E62E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138048Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.943{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000138047Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.943{6EDEAD03-61B5-615D-D902-00000000FC01}1040\chrome.1892.6.212096732C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138046Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.943{6EDEAD03-61B3-615D-D602-00000000FC01}18921972C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+1b80fc|C:\Program Files\Mozilla Firefox\xul.dll+a15446|C:\Program Files\Mozilla Firefox\xul.dll+a0ffef|C:\Program Files\Mozilla Firefox\xul.dll+19ce81f|C:\Program Files\Mozilla Firefox\xul.dll+19ccfc1|C:\Program Files\Mozilla Firefox\xul.dll+13c95|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+13378|C:\Program Files\Mozilla Firefox\xul.dll+9f2211|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000138045Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:33.943{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.6.212096732C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138044Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.943{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000138043Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.943{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.4.42794861C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138042Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.943{6EDEAD03-61B3-615D-D602-00000000FC01}18926100C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+13527b|C:\Program Files\Mozilla Firefox\xul.dll+12239ed|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000138041Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.943{6EDEAD03-61B3-615D-D602-00000000FC01}1892\gecko-crash-server-pipe.1892C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138040Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.927{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138039Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.927{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138038Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.927{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+17876ff|C:\Program Files\Mozilla Firefox\xul.dll+14cbf5|C:\Program Files\Mozilla Firefox\xul.dll+14cf69e|UNKNOWN(000000A1BD584A10) 10341000x8000000000000000138037Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.927{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+17876ff|C:\Program Files\Mozilla Firefox\xul.dll+14cbf5|C:\Program Files\Mozilla Firefox\xul.dll+14cf69e|UNKNOWN(000000A1BD584A10) 10341000x8000000000000000138036Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.927{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+17876ff|C:\Program Files\Mozilla Firefox\xul.dll+14cbf5|C:\Program Files\Mozilla Firefox\xul.dll+14cf69e|UNKNOWN(000000A1BD584A10) 23542300x8000000000000000138035Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.927{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89CC7494D27CDACC5CF81FD505DF5874,SHA256=DB6E8B145E355E39C72A48992E901F64BA4DC53C1B657EEB6127DAB989FFA9E1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138034Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.927{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b66218|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138033Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.927{6EDEAD03-503F-615D-0B00-00000000FC01}624672C:\Windows\system32\lsass.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138032Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.927{6EDEAD03-503F-615D-0B00-00000000FC01}624672C:\Windows\system32\lsass.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000138031Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.912{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138030Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.912{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4efc8|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a5b7d9|C:\Program Files\Mozilla Firefox\xul.dll+e50238|C:\Program Files\Mozilla Firefox\xul.dll+19e1f56|C:\Program Files\Mozilla Firefox\xul.dll+19d6412|C:\Program Files\Mozilla Firefox\xul.dll+19ae344|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000138029Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.912{6EDEAD03-61B3-615D-D602-00000000FC01}1892\cubeb-pipe-1892-1C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000138028Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:33.912{6EDEAD03-61B3-615D-D602-00000000FC01}1892\cubeb-pipe-1892-1C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138027Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.912{6EDEAD03-61B3-615D-D602-00000000FC01}18923408C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a0b461|C:\Program Files\Mozilla Firefox\xul.dll+a6c6e5|C:\Program Files\Mozilla Firefox\xul.dll+d0281|C:\Program Files\Mozilla Firefox\xul.dll+19d6412|C:\Program Files\Mozilla Firefox\xul.dll+1747b79|C:\Program Files\Mozilla Firefox\xul.dll+167b2d9|C:\Program Files\Mozilla Firefox\xul.dll+26742|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+8b45d7|C:\Program Files\Mozilla Firefox\nss3.dll+7647d|C:\Program Files\Mozilla Firefox\nss3.dll+8e401|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138026Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.912{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4efc8|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a5b7d9|C:\Program Files\Mozilla Firefox\xul.dll+e50238|C:\Program Files\Mozilla Firefox\xul.dll+19e1f56|C:\Program Files\Mozilla Firefox\xul.dll+19d6412|C:\Program Files\Mozilla Firefox\xul.dll+19ae344|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000138025Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.912{6EDEAD03-61B3-615D-D602-00000000FC01}1892\cubeb-pipe-1892-0C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000138024Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:33.912{6EDEAD03-61B3-615D-D602-00000000FC01}1892\cubeb-pipe-1892-0C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138023Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2f710|C:\Program Files\Mozilla Firefox\xul.dll+e5ba99|C:\Program Files\Mozilla Firefox\xul.dll+e57449|C:\Program Files\Mozilla Firefox\xul.dll+e49022|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7 10341000x8000000000000000138022Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138021Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138020Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138019Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138018Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138017Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138016Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138015Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138014Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138013Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138012Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138011Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138010Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138009Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+e48ccc|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278 10341000x8000000000000000138008Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+e48cc1|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e|C:\Program Files\Mozilla Firefox\xul.dll+17035a0 10341000x8000000000000000138007Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+e48cc1|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e|C:\Program Files\Mozilla Firefox\xul.dll+17035a0 10341000x8000000000000000138006Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+e48cc1|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e|C:\Program Files\Mozilla Firefox\xul.dll+17035a0 10341000x8000000000000000138005Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138004Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+e48c43|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+17876ff 10341000x8000000000000000138003Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+c2e55|C:\Program Files\Mozilla Firefox\xul.dll+e4891a|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7 18141800x8000000000000000138002Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.896{6EDEAD03-61B5-615D-D902-00000000FC01}1040\chrome.1892.5.179435874C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138001Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921972C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+a0942f|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+166d71b|C:\Program Files\Mozilla Firefox\xul.dll+19cd045|C:\Program Files\Mozilla Firefox\xul.dll+13c95|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+13378|C:\Program Files\Mozilla Firefox\xul.dll+9f2211|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138000Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137999Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921972C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+1b80fc|C:\Program Files\Mozilla Firefox\xul.dll+a15446|C:\Program Files\Mozilla Firefox\xul.dll+a0ffef|C:\Program Files\Mozilla Firefox\xul.dll+19ce81f|C:\Program Files\Mozilla Firefox\xul.dll+19ccfc1|C:\Program Files\Mozilla Firefox\xul.dll+13c95|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+13378|C:\Program Files\Mozilla Firefox\xul.dll+9f2211|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000137998Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.5.179435874C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000137997Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.3.60027314C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000137996Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18926100C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+13527b|C:\Program Files\Mozilla Firefox\xul.dll+12239ed|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000137995Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}1892\gecko-crash-server-pipe.1892C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000137994Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.881{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137993Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.881{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137992Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.881{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137991Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.881{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137990Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.881{6EDEAD03-538E-615D-FD00-00000000FC01}1001288C:\Windows\system32\csrss.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137989Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.881{6EDEAD03-61B3-615D-D602-00000000FC01}18925908C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+2f07d|C:\Program Files\Mozilla Firefox\firefox.exe+2e285|C:\Program Files\Mozilla Firefox\xul.dll+1fd1d9a|C:\Program Files\Mozilla Firefox\xul.dll+a04e9a|C:\Program Files\Mozilla Firefox\xul.dll+a03065|C:\Program Files\Mozilla Firefox\xul.dll+a0a25e|C:\Program Files\Mozilla Firefox\xul.dll+8b1df0|C:\Program Files\Mozilla Firefox\xul.dll+167b2d9|C:\Program Files\Mozilla Firefox\xul.dll+2680a|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+8b45d7|C:\Program Files\Mozilla Firefox\nss3.dll+7647d|C:\Program Files\Mozilla Firefox\nss3.dll+8e401|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137988Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.894{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe92.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1892.4.427948615\1429646419" -childID 3 -isForBrowser -prefsHandle 2812 -prefMapHandle 2816 -prefsLen 1809 -prefMapSize 235910 -jsInit 1128 285716 -parentBuildID 20210922161155 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1892 "\\.\pipe\gecko-crash-server-pipe.1892" 2852 1dae3807938 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372LowMD5=DBDB3EFACC3D9039A4F5703662099178,SHA256=534A44A08893AFBE78E04B4CFF80BD00BFC40562A923E8AF38E240227A643FFB,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000137987Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:33.881{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.4.42794861C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000137986Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.865{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2DF622A061C3E48E84B49CD2540CCD8,SHA256=50C141720882143B11A7B0D08D2481A94E1E7A72EDDC40B310B3C1CF772AF6E4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137985Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.849{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137984Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2f710|C:\Program Files\Mozilla Firefox\xul.dll+e5ba99|C:\Program Files\Mozilla Firefox\xul.dll+e57449|C:\Program Files\Mozilla Firefox\xul.dll+e49022|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02|C:\Program Files\Mozilla Firefox\xul.dll+16d21c4|C:\Program Files\Mozilla Firefox\xul.dll+1b6175d|C:\Program Files\Mozilla Firefox\xul.dll+16fe0ad 10341000x8000000000000000137983Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137982Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137981Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137980Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137979Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137978Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137977Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137976Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137975Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137974Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137973Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137972Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137971Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137970Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+e48ccc|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02|C:\Program Files\Mozilla Firefox\xul.dll+16d21c4|C:\Program Files\Mozilla Firefox\xul.dll+1b6175d 10341000x8000000000000000137969Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+e48cc1|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02|C:\Program Files\Mozilla Firefox\xul.dll+16d21c4 10341000x8000000000000000137968Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+e48cc1|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02|C:\Program Files\Mozilla Firefox\xul.dll+16d21c4 10341000x8000000000000000137967Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+e48c43|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02|C:\Program Files\Mozilla Firefox\xul.dll+16d21c4|C:\Program Files\Mozilla Firefox\xul.dll+1b6175d|C:\Program Files\Mozilla Firefox\xul.dll+16fe0ad|C:\Program Files\Mozilla Firefox\xul.dll+16d21c4 10341000x8000000000000000137966Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+c2e55|C:\Program Files\Mozilla Firefox\xul.dll+e4891a|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02|C:\Program Files\Mozilla Firefox\xul.dll+16d21c4|C:\Program Files\Mozilla Firefox\xul.dll+1b6175d|C:\Program Files\Mozilla Firefox\xul.dll+16fe0ad 10341000x8000000000000000137965Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921972C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+a0942f|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+166d71b|C:\Program Files\Mozilla Firefox\xul.dll+19cd045|C:\Program Files\Mozilla Firefox\xul.dll+13c95|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+13378|C:\Program Files\Mozilla Firefox\xul.dll+9f2211|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137964Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137963Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137962Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137961Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137960Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-538E-615D-FD00-00000000FC01}1001332C:\Windows\system32\csrss.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137959Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.818{6EDEAD03-61B3-615D-D602-00000000FC01}18925908C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+2f07d|C:\Program Files\Mozilla Firefox\firefox.exe+2e285|C:\Program Files\Mozilla Firefox\xul.dll+1fd1d9a|C:\Program Files\Mozilla Firefox\xul.dll+a04e9a|C:\Program Files\Mozilla Firefox\xul.dll+a03065|C:\Program Files\Mozilla Firefox\xul.dll+a0a25e|C:\Program Files\Mozilla Firefox\xul.dll+8b1df0|C:\Program Files\Mozilla Firefox\xul.dll+167b2d9|C:\Program Files\Mozilla Firefox\xul.dll+2680a|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+8b45d7|C:\Program Files\Mozilla Firefox\nss3.dll+7647d|C:\Program Files\Mozilla Firefox\nss3.dll+8e401|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137958Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe92.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1892.3.600273140\858900601" -childID 2 -isForBrowser -prefsHandle 2676 -prefMapHandle 2672 -prefsLen 1769 -prefMapSize 235910 -jsInit 1128 285716 -parentBuildID 20210922161155 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1892 "\\.\pipe\gecko-crash-server-pipe.1892" 2688 1dae3808f38 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372LowMD5=DBDB3EFACC3D9039A4F5703662099178,SHA256=534A44A08893AFBE78E04B4CFF80BD00BFC40562A923E8AF38E240227A643FFB,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000137957Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:33.818{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.3.60027314C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000137956Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.802{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.d